Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.

Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application.