eFront Enterprise version 3.6.10 suffers from database disclosure and remote SQL injection vulnerabilities.
1fd9e864d44a25eee8e7166410407a89d43048f8e5e5992f391ba11ec119536f
Opera version 11.52 suffers from a stack buffer overflow when switching between two different escape sequences.
2c01e5cf78a988c87379be0eda664a5b7505e067c341ae0889515cedbd48f166
Subgroop suffers from a remote SQL injection vulnerability.
22deea47f603904b5f2b0ebcd15879639d723c10390818f913f7ad894e52b451
SjXjV version 2.3 suffers from a remote SQL injection vulnerability.
031e873aac9e8ae9bc4cd6cb1cab1c02803fe972fb8d73230dd8a37ef5f6a825
EnjoyGraph suffers from a remote SQL injection vulnerability.
865391d796806241633b4046c09ef43dcb615c7752c28d1fb4e0a087c350e15e
Plici version 2.0.0.Stable.r.1878 suffers from a cross site scripting vulnerability.
26f9145933b76de79645b2d9ffe0fbecf01c0d18ef174fc2f09219126df4f5dd
poMMo Aardvark version PR16.1 and below suffer from brute force, insufficient anti-automation, and cross site scripting vulnerabilities.
4a4c5af254198f68cea36317c0e9835adfe2a92bfc0db43a4f74945c9778565f
Simple Balance version 2.0 suffers from a cross site scripting vulnerability.
36db3ea3c0395729d8ba32868fc09550a640921ba3a083791b5859499b043bb9
Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user to set the permissions of an arbitrary file to 444.
9f6009b727030f6089ce212fb9833092feb2cd7c92c9d65e65e274472ecb43ce
The Toshiba eStudio multifunction printer suffers from an information leakage vulnerability, as passwords can be extracted in plaintext from the HTML source code of various configuration pages.
5734383d4ee705db601bc8d3d5e3c2dd43c7d59704ae77a50bf1ce5366dd57bc
This Metasploit module exploits a stack-based buffer overflow in GTA SA-MP Server. This buffer overflow occurs when the application attempts to open a malformed server.cfg file. To exploit this vulnerability, an attacker must send the victim a server.cfg file and have them run samp-server.exe.
6516b83685589a1ead2d78e1fafcac820b7f9e19416217a6dda64bcf91cceef6
This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Versions 1.2.10 and earlier of phpScheduleIt are affected.
5d5d2dee3205b21a8812ad1ba723eaf15edbd136751c83c17084738dd1505d2a
eFront versions 3.6.10 build 11944 and below suffer from code execution, authentication bypass, shell upload, and remote SQL injection vulnerabilities.
a2df7a32a7dd4ae0a9bc4dbd2e2499dc496f68c261d43e949234ee9dc33f4c05
Online Subtitles Workshop suffers from a cross site scripting vulnerability.
9cbb9700dbfdbd15641db3845b8658946376a74750116516f4e3f542a962eb68
MG For Media Solutions suffers from a remote SQL injection vulnerability.
5854e56c6d82eb0e3a4619ba64ea0aa2129db006cd53f457e44bf00c1152c052
A vulnerability was found in the TrendMicro IWSS software that could allow an attacker to gain root access to the system. The "patchCmd" binary has the setuid and setgid bits set and is owned by root, and it is executable by all users. The code calls setuid(0) before a system() call, so the command runs with root privileges regardless of the invoking user's permissions.
5c58e2ec89a7aa0742214e1aec3ff4472b0358ec1afdb3c3b4436e5f3f5fc91b
Xampp version 1.7.4 for Windows suffers from cross site scripting vulnerabilities.
cd1c116e00f67c7bd2d9a1dffc91e3af3e2a36d6d43eac27b4dc04258e04bcc5
vtiger CRM version 5.2.1 suffers from a cross site scripting vulnerability when parsing user input to the _operation and search parameters in the /modules/mobile/index.php script.
0d29026874a0d4432347cabc827eb094403c710e733c7fac2c1688bc88169e26
The Joomla YJ Contact component suffers from a local file inclusion vulnerability.
14b63d4cd8536eb5a40ccc49a0ccbff854ddb4ce8b606664beda0c785752f6f3
Jara version 1.6 suffers from a cross site scripting vulnerability.
08036c096ed9ba555d987f0a515c9421a8e0f73c23a18cc498818681fbd8d29c
This Metasploit module exploits a vulnerability in lib/functions.php that allows attacker input to be passed directly to the PHP create_function() function. A patch was issued that uses a whitelist regular expression to check the user-supplied input before it is passed to the create_function() call.
e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3
The zFTP server suffers from a remote denial of service condition when handling multiple STAT and CWD command requests.
8407a8948f7a9148808d25756720686181651afab0fbe2eb264d023cb76c64bb
OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.
07892a2e4751df91fbe28681577a37dca30715e6cc870860ee5c81e2769086a2
Alsbtain Bulletin versions 1.5 and 1.6 suffer from multiple local file inclusion vulnerabilities.
9a3fd172373b47da0252bf9023f0313719a8e2c25ed6eebe23244427cf6c7449
Art Dimension suffers from a remote SQL injection vulnerability.
7a7badbf6a781e94a3577fa8aede073768f0c3dbfc109ab2f202fd394b6c8ee0