Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.

CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.

The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request.

The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."

The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input.

Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.

The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902.

lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation.

Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file.

Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.

The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (IPDT AVL corruption and device reload) via a crafted sequence of ARP packets, aka Bug ID CSCuh38133.

Cisco IOS XE does not properly manage memory for TFTP UDP flows, which allows remote attackers to cause a denial of service (memory consumption) via TFTP (1) client or (2) server traffic, aka Bug IDs CSCuh09324 and CSCty42686.

The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote attackers to cause a denial of service (card reset) via crafted (1) TLS or (2) SSLv3 packets, aka Bug ID CSCuh34787.

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.