Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver “PST10 WebServer” typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1.

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content–>News–>Add Article” feature via the m1_content parameter. Someone must login to conduct the attack.

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content–>News–>Add Article” feature via the m1_title parameter. Someone must login to conduct the attack.

XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content–>News–>Add Article” feature via the m1_summary parameter. Someone must login to conduct the attack.