AppHomeControllerZhuantiController.class.php in TuziCMS 2.0.6 has SQL injection via the index.php/Zhuanti/group?id= substring.

Source

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection.

Source

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

Source

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

Source

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

Source

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.

Source

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

Source

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

Source

The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant XSS.

Source

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

Source