CloudView NMS before 2.10a has XSS via SNMP.

CloudView NMS before 2.10a has a format string issue exploitable over SNMP.

OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.

Paessler PRTG before 16.2.24.4045 has XSS via SNMP.

OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.

OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9, Professional Edition v4.8.12, Professional Edition v4.9.9, Community Edition v4.8.12, Community Edition v4.9.9.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.