iBaby M3S has a password of admin for the backdoor admin account.

Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.

Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.

Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.

Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value.

Opsview before 2015-11-06 has XSS via SNMP.

Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.