trixbox < 2.6.1 - Remote File Inclusion via langChoice Parameter
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
Ipswitch WhatsUp Gold 15.02 - Cross-Site Scripting via SNMP System Name
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.