e107 2.1.4 is vulnerable to cross-site request forgery in its plugin-installing, meta-changing, and settings-changing functions. A malicious web page can use forged requests to make e107 download and install a plugin provided by the attacker.
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin’s cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin’s status via a GET request.
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
DLink DVGN5402SP with firmware W1000CN00, W1000CN03, or W2000EN00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.