Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields.
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5104. Reason: This candidate is a reservation duplicate of CVE-2010-5104. Notes: All CVE users should reference CVE-2010-5104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5103. Reason: This candidate is a duplicate of CVE-2010-5103. Notes: All CVE users should reference CVE-2010-5103 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5102. Reason: This candidate is a duplicate of CVE-2010-5102. Notes: All CVE users should reference CVE-2010-5102 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5101. Reason: This candidate is a duplicate of CVE-2010-5101. Notes: All CVE users should reference CVE-2010-5101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5100. Reason: This candidate is a duplicate of CVE-2010-5100. Notes: All CVE users should reference CVE-2010-5100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candidate is a duplicate of CVE-2010-5098. Notes: All CVE users should reference CVE-2010-5098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5097. Reason: This candidate is a duplicate of CVE-2010-5097. Notes: All CVE users should reference CVE-2010-5097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
