The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.