SQL injection vulnerability in SetucoCMS.

SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site scrip inclusion (XSSI) attack.

Cross-site scripting (XSS) vulnerability in SetucoCMS.

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.

SetucoCMS allows remote authenticated users to execute arbitrary code.

An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.

SetucoCMS allows remote attackers to alter or disclose information, related to session information.

An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the “token” cookie issued at login.