Appologics AirBeam version 1.9.2 suffers from remote command execution and cross site scripting vulnerabilities.
8ce9c3cce7b6c656de8a899d4ab00a7c1296eda6d0e3a58196b6908a77ea2dda
Skidata RFID Freemotion.Gate exposes an unauthenticated web service that allows for arbitrary remote command execution. Version 4.1.3.5 is affected. Earlier versions may also be affected.
5960d3c57db6941d9902fb1693d0b272bfb2b78c683a42584efc3cae2c07e1a6
PayPal GP+ suffered from a cross site scripting vulnerability.
82b4d2446d4e666d8de3ecba090bd79d3921f13222e99bdf744771566fa7f9c6
Persistent script injection vulnerabilities were discovered in the PayPal Billsafe offering.
2101e5745f62b7776999a807cd3411d014cb2d594bcffda669016a2200ef03b9
Remote attackers could influence a redirect in PayPal's www.paypal-biz.com site.
ad30199576977fc30c90bdbd761713466c98d568a6beb827da07a26044a103e7
TomatoCart version 1.1.8.2 suffers from local file inclusion and directory traversal vulnerabilities.
80edf86022b40bc33df2e29333ac72332b23148388612cd80bcc1bac5cb7b036
WordPress Tweet Blender plugin version 4.0.1 suffers from a cross site scripting vulnerability.
7dd056ebf7a017614701914e9d8cdf3368acf8be185e3d65dc66b408e337e672
PHP-Nuke version 8.2.4 suffers from cross site scripting and local file inclusion vulnerabilities.
e6a6feff30584aa0b101a715aac4a57ef1a047c221e5c1801ebe24b0f614d01e
Facebook suffers from yet another open redirection vulnerability. This time the issue is in campaign/landing.php.
fa83309f306ce394994a46fa30357ecafc806aa8106411b43263e5362d25cd29
DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue. Exploit included.
24bd2a61ed26e639e6b823b3e2f7cc39031c2662744ed2bbda21195c3924d603
DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability.
4aad22e43397ec7360050815be62145be5467cc3cc7f5dc670993b7a63712604
Kaseya version 6.3 suffers from a remote shell upload vulnerability.
20dc6ed57c27f12c771790a0beb065620e6be1b55b63ed26a4bc41e7bec9b483
Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.
c1f0ce5a3fe26ddb99b0616d5d61b0460e2f1e5b210f0a665619a91d61d91148
This Metasploit module exploits a buffer overflow in the Supermicro Onboard IPMI controller web interface. The vulnerability exists in the close_window.cgi CGI application and is due to the insecure usage of strcpy. In order to get a session, the module will execute system() from libc with an arbitrary CMD payload sent in the User-Agent header. This Metasploit module has been tested successfully on Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware SMT_X9_214.
3db49add914cadb4e6f7130ba3b4a6a1c8c69c567c9d6a7d82b5980b09616017
Elastix version 2.4.0 suffers from multiple cross site scripting vulnerabilities.
509909bae460646e9c79ae511e3c817214b4574939b7672fc3723d3773259720
Limonade Framework version 3.0 suffers from a local file disclosure vulnerability.
443d4ee19f551464d8ebd684cb014326802ade98ba48a5bd76668b40540b2616
WordPress Euclid theme suffers from a cross site request forgery vulnerability.
49fde0a1248fb3f261935e7861a803f31c5996379e540c4452c31d2caa41d47d
WordPress Dimension theme suffers from a cross site request forgery vulnerability.
c79f4bdf46ea63e7957d6c6e13d78d30ac7c626decaf17605d13c77d8d8b5370
WordPress Amplus theme suffers from a cross site request forgery vulnerability.
90cdcb8d4e659c08cee7021e9bc9fa3135983a4188217e174de3a055e42dd6f1
WordPress Make A Statement theme suffers from a cross site request forgery vulnerability.
bc164cec434beccdd48ac4cb8f5fac9449eb0916b078caa972f7ac7fe5464bbc
Avira Secure Backup version 1.0.0.1 build 3616 suffers from a buffer overflow vulnerability.
8a2c729190e444854e9eea2ba4a3bf9fc83b7990ca632fb6cff00b8e685190a9
Livezilla versions prior to 5.1.0.0 suffer from a local file inclusion vulnerability that allows for remote code execution.
0d889dda1d61a291e63c26f5eb8833f690853477131521889e5880c66ea203d1
Eclipse.org suffers from a remote error-based SQL injection vulnerability.
4891c1a9e0a985be36498559d7f6aef0c86b7914a7631895c81deb87f34be354
Testa Online Test Management suffers from a remote SQL injection vulnerability that allows for login bypass. Note that this advisory has site-specific information.
5492b8331dd06e3e35f6b3b710794cbb5e3c55fb56480ea77af36b2fa81847e7
This Metasploit module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.
b61f14f2873aa1c647ab01600db74d813ae4c68913ed531266fd588ac8aff25a