eM Client e-mail client version 5.0.18025.0 suffers from a stored cross site scripting vulnerability.
58d63f0347684b64df7ea221869f6c49d7b63d4b6ed451c1bfe8a5229f8066e7
Open-Xchange AppSuite versions 7.0.0 through 7.2.2 suffer from configuration issues, improper authentication, and information exposure vulnerabilities.
393084afb3f746ac92087e7fb8bea6c43ddf19add07b5f609d261fad8e20ab06
D-Link DIR-505 devices suffer from privilege escalation issues due to hard-coded credentials, path traversal, command injection, weak encryption, and authentication bypass vulnerabilities. Firmware versions 1.06 and below are affected.
8a8599ba9b468a620142f74a018497ca8ea2d269edd81b4c2d50dd77216b232d
Target Longlife Media Player version 2.0.2.0 crash proof of concept denial of service exploit that creates a malicious wav file.
48cdc5764ea1c7cfb59ae9ce2b8a19cc8769e9e02664a2f300fa5ffb7f1b9979
Sites powered by CIS Manager suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
9a29ebb882f3ec5f6d82ab013ec40539c0e1e4d0d34e48ba62d2d2d0d163095b
Sites powered by Interalp Touristik suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
400e2966fc38c475967508c657b71ab369aca61dbe5330223132b945473c608c
Site powered by WinFakt! Webwinkel suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
1b5edfbf364c20c17dc13de311da7dffce63f64665e514d03ca8220d48721352
Site powered by Infoideias suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this advisory has site-specific information.
a0dc4586252b198ea0db1cb5fbbd00714ea51b5c2acecf9616f952e939303aee
Lua-Programming Language version 1.6 for iOS suffers from a remote file upload vulnerability.
bb4f88d155d9c74c2279e7d163ac7dff5c0cc5fe6107f2bb1597472784143416
glFusion version 1.3.0 suffers from a remote blind SQL injection vulnerability.
436ea226bb9dfb98db5db5fda741ecdc73e6900ba62889d9e67d56e87915048e
In IE8 standards mode, it's possible to cause a use-after-free condition by first creating an illogical table tree, where a CPhraseElement comes after CTableRow, with the final node being a sub table element. When the CPhraseElement's outer content is reset by using either outerText or outerHTML through an event handler, this triggers a free of its child element (in this case, a CAnchorElement, but some other objects apply too), but a reference is still kept in function SRunPointer::SpanQualifier. This function will then pass on the invalid reference to the next functions, eventually used in mshtml!CElement::Doc when it's trying to make a call to the object's SecurityContext virtual function at offset +0x70, which results a crash. An attacker can take advantage of this by first creating an CAnchorElement object, let it free, and then replace the freed memory with another fake object. Successfully doing so may allow arbitrary code execution under the context of the user. This bug is specific to Internet Explorer 8 only. It was originally discovered by Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update.
1c003b48b2f0c41a3c3ef91938ebd714d766a2510222a8c5b84652445ec8f591
This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists on the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service, and uses WScript.Shell.run() to execute cmd.exe with user provided data. Note which the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) over Windows 2003 SP2.
02888ebdda6dc97a16fcb507f825f9cfbf26bc98824bc1efc03e5b0ff9d28b2f
Android FTP Serve version 1.2 exposes the configuration file with full read and write permissions. A malicious party can overwrite the credentials for the administrator and escalate privileges.
3dd744c0f1c0dd5fbffad80344f989d7b3436f5030e2d950967eb38f7e5aca7f
Moodle versions 2.3.9 and below and 2.4.6 suffer from a javascript insertion vulnerability that allows for the addition of an RSS blog.
6c800321ff5da86e73199561fdef96721f8bc5417e76c8a405874d08d029a1a7
Ruby Gem Features version 0.3.0 suffers from a file injection vulnerability that can lead to cross site scripting.
c7a54aa106b7c9bed756067a2616950105a69b23c99d49249959d5fa0792fbd6
Watchguard Server Center version 11.7.4 suffers from a dll hijacking vulnerability with wgpr.dll.
b67a720d0a797532d0f3e4fea6a5b7cd8823f0a69b548c11cca0352f1007db8e
E-Local Business Directory suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
c1d4c9d5f50521e060fe033687d603aa630e392d325da34fe3e28f1eee8a7e6c
Real Estate PHP Script suffers from a cross site scripting vulnerability.
eb35f8e405da94d313757ebb8ae923971442c98b949e0e63c130d42119376e1e
This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10.
02521b6229ecb5c00ebc4a5b2081e20949f1c436bc6899cb1c51b9e3982be68b
Xoops version 2.5.6 suffers from multiple cross site scripting vulnerabilities.
732c016a214a226e7da6dcf115b40bb86fc5de7d0885d0e950ddf7520b2c2f01
John CMS versions 1.0 through 5.1 suffer from a persistent cross site scripting vulnerability.
65f89faf31f51ac39e66872698d33b927f9974d0283f5747f8e77d2023f89e43
sensiGal version 2.0 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
eb57645bb192ed4c880014c96390361b1fae2f59d207e17c7bf704c561d67e83
Sites powered by CommonMan Technologies suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
487536d971625dd8b09eecb7d9dd8227121b140e0d142f1d5f644f9ef2ca3c4c
Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities.
9b18440c26f1295d0a92ba4d7e6ec1dd5c6560e29f7da1ea8bd466580e248550
AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities.
552ae25c2c91eea7e941959524c55a6d80f32e9fbf854b3fd67ea2e5065006f2