The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 18.104.22.168, 4.x before 22.214.171.124, and 5.x before 126.96.36.199 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
phpMyAdmin is prone to a sql-injection vulnerability. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpMyAdmin 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 188.8.131.52 and 4.0.x versions prior to 184.108.40.206 are vulnerable.
phpMyAdmin is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.
phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 220.127.116.11 and 4.0.x prior to 18.104.22.168 are vulnerable.
Moodle is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Moodle 3.1.2 and prior versions are vulnerable.
An information disclosure vulnerability exists in Microsoft Office when Microsoft Office fails to properly handle office files. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform code execution in the context of the current user.
PHPMailer prone to a remote code execution vulnerability. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. A Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the web server user and remotely compromise the target web application.