Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities

Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.

Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.

Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img directory.

open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.