JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838.

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.

Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.

Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding.

Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.

EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.

The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.

Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message.

Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.

Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.

Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.

Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui Forum, possibly 1.0 Beta, allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.

Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.

Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.