The Cyberoam UTM exposes a web interface through a Jetty web server that allows authenticated users to perform network diagnostic actions such as ping, traceroute, and name lookup. These actions are vulnerable to command injection attacks.
D-Link DIR-605 suffers from a cross site request forgery vulnerability.
.NET Form Authentication suffers from an insecure redirect vulnerability.
Minify versions 2.1.3 and 2.1.4-Beta suffer from a cross site scripting vulnerability.
Cyberoam UTM suffers from a remote Active Directory credential disclosure vulnerability.
Vtiger CRM version 5.1.0 suffers from a local file inclusion vulnerability.
Google Talk suffers from a gtalk:// deprecated URI handler /gaiaserver parameter injection vulnerability.
Various banks such as Citizens Bank, Wells Fargo, and Pro Credit suffer from cross site scripting vulnerabilities.
Oreans WinLicense version 2.1.8.0 suffers from an XML file handling unspecified memory corruption vulnerability.
Oreans Themida version 2.1.8.0 suffers from a TMD file handling buffer overflow vulnerability.
FreePBX versions 2.10.0, 2.9.0, and perhaps earlier versions suffer from cross site scripting and remote code execution vulnerabilities.
Apple Mobile Safari on iOS version 5.1 suffers from an address bar spoofing vulnerability.
Testtrack for Linux suffers from a race condition vulnerability.
PCWorld suffers from a cross site scripting vulnerability.
This advisory documents exploitation details for the Oracle WebLogic Node Manager UNC path remote file execution vulnerability.
PeerFTP Server versions 4.01 and below remote crash proof of concept exploit. Written in Python.
Vacation Packages Listing suffers from a remote SQL injection vulnerability.
Adobe Photoshop version 12.1 suffers from a TIFF parsing use-after-free vulnerability.
Android FTPServer version 1.9.0 suffers from a denial of service vulnerability.
Novatel MiFi 2352 suffers from a direct access to backup file vulnerability.
Jeroen Van Lievenoogen suffers from a remote SQL injection vulnerability.
Gnuboard versions 4.34.20 and below suffer from a cross site scripting vulnerability.
Tiny Server versions 1.1.9 and below HTTP HEAD remote denial of service exploit.
The ActiveX control CrazyTalk4Native.dll bundled with the Dell Webcam software suffers from a remote buffer overflow vulnerability.
LANDesk Lenovo ThinkManagement Suite version 9.0.3 suffers from a core server remote arbitrary file deletion vulnerability.