An arbitrary file download vulnerability exists in the dl-skin.php file. A remote attacker might gain access to arbitrary files using a specially crafted HTTP request.
Category Archives: Checkpoint
WebNMS Framework Server Arbitrary File Upload (CVE-2016-6600)
An Arbitrary File Upload vulnerability exists in WebNMS Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
WordPress wSecure Lite Plugin Remote Command Execution
A remote code execution vulnerability exists in WordPress wSecure Lite Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
WECON LeviStudio String Content Heap Buffer Overflow
The vulnerability is due to improper parsing of the XML String Content attribute of LeviStudio project files. A remote attacker could exploit this vulnerability by enticing a user to open a crafted project. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
WordPress Core Authenticated Cross-Site Scripting (CVE-2016-1564)
A cross-site scripting vulnerability exists in WordPress core. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system.
Drupal RESTWS Remote Code Execution
A code execution vulnerability exists in Drupal RESTful Web Services (RESTWS) Module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.
Symantec Endpoint Protection Manager Open Redirect Report-Routing Component (CVE-2016-5304)
An open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. A remote attacker could exploit these vulnerabilities by enticing authenticated users to click on a crafted link, performing a man-in-the-middle attack, and sending crafted HTTP requests. Successful exploitation could allow the attacker to hijack a user session, gain access to administrator credentials, and gain access to confidential information.
Symantec Endpoint Protection Manager Cross Site Request Forgery (CVE-2016-3653)
A Cross Site Request Forgery vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could allow the attacker to spoof requests to the server as if from the target user.
WordPress Ninja Forms Plugin SQL Injection
An SQL injection vulnerability exists in the WordPress Ninja Forms Plugin. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
JexBoss Security Scanner
JexBoss is a vulnerability scanning product. Remote attackers can use JexBoss to detect vulnerabilities on a target server.