The Flash plug-in in Google Chrome before 27.0.1453.116 does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 184.108.40.206, 5.3 before 220.127.116.11, and 5.4 through 18.104.22.168 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters.
An unspecified buffer-read method in IBM Sterling Control Center (SCC) 5.2 before 22.214.171.124, 5.3 before 126.96.36.199, and 5.4 through 188.8.131.52 allows remote authenticated users to cause a denial of service via a large file that lacks end-of-line characters.
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.