An SQL injection vulnerability exists in the WordPress Ninja Forms Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Monthly Archives: August 2016
Symantec Endpoint Protection Manager Cross Site Request Forgery (CVE-2016-3653)
A Cross Site Request Forgery vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could allow the attacker to spoof requests to the server as if from the target user.
Symantec Endpoint Protection Manager Open Redirect Report-Routing Component (CVE-2016-5304)
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. A remote attacker could exploit these vulnerabilities by enticing authenticated users to click on a crafted link, by performing a man-in-the-middle attack, or by sending crafted HTTP requests. Successful exploitation could allow the attacker to hijack a user session, gain access to administrator credentials, and gain access to confidential information.
Drupal RESTWS Remote Code Execution
A code execution vulnerability exists in the Drupal RESTful Web Services (RESTWS) module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
WordPress Core Authenticated Cross-Site Scripting (CVE-2016-1564)
A cross-site scripting vulnerability exists in WordPress core. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system.
WECON LeviStudio String Content Heap Buffer Overflow
The vulnerability is due to improper parsing of the XML String Content attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project file. Successful exploitation could allow the attacker to execute arbitrary code in the security context of the user process.
UFONet 0.7
UFONet abuses OSI Layer 7 (HTTP) to create/manage ‘zombies’ and to conduct different attacks using GET/POST requests, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.