A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information.
Combodo iTop does not validate input parameters, so attackers can inject malicious commands and launch XSS attacks.
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include: 9.x, 10.0 through 10.1.0.7 and 11.0 through 22.214.171.124.
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.