Classifieds Creator version 2.0 suffers from a remote SQL injection vulnerability.
469802ef4e01943e3566c6fe54ad7a3e3e9a3e84b4851b5694bd10c727f2d6c7
C2C Forward Auction Creator version 2.0 suffers from a remote SQL injection vulnerability.
ae31cd335ed87386bcafdb14fe024120d0f470311e5145ece776f00d8bebba93
iScripts MultiCart versions 2.4 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
8116f2279a10f7bdb72b6df08d209697707902f047a882d86a524e3a509ac792
Osclass version 3.3 suffers from cross site request forgery, remote SQL injection, and directory traversal vulnerabilities.
4fa3514459f4aca30fccd02be0cf6585b6640c1c254bb345c870f8314607400b
Microsoft Online, Office and Cloud suffer from persistent encoding issues that can allow for cross site scripting.
63cf5e2791308ca0d363962ff6c757b4793ef7bcfe09f63ed76b3d045e0a8e1f
KikChat suffers from local file inclusion and remote command execution vulnerabilities.
0fefc791df94702470f534eb7c319bdf9254a296e5a9505420e52df50b9d42a7
Ditto Forensic FieldStation versions 2013Oct15a and below suffer from remote command execution, cross site scripting, cross site request forgery, hard-coded credential, and various other vulnerabilities.
df3e62ea52b2c4c9f389b63ca271b8910f8d98956a4658742ef79cc7af486ddc
Phone Drive Eightythree version 4.1.1 suffers from local file inclusion, command injection, and remote shell upload vulnerabilities.
d8fd9d38629a05f4f2d3503fdca9cb59932802bc0b930220465cce85922df7fa
Microsoft PhotoStory suffers from a cross site scripting vulnerability.
a28bfc6192eee283fc89e1171132bf7f47271fa8391894f76eec1341deb61b3d
Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.
bfaa7907aba801776aeefc69d46a1d02c5a36c3932a60c392cd07d6e4f7b0d43
Microsoft Yammer suffered from multiple cross site scripting vulnerabilities.
ffa493a522284668c4144c5b4d98ae3cb0b8e667db062ea350d352b646b98b01
Ring Jordan suffers from a remote SQL injection vulnerability in its administrative functionality. The author tried to contact the vendor and received no response. The SQL injection allows for authentication bypass.
b0303595796d9f5fd9fd11582864f2c0b8d4f8b08600a13e9711b7fbd093fa52
Telmanik CMS version 1.01 suffers from a remote shell upload vulnerability.
c56f47cbdbd567480466a838ad2a346f2ad6aba77864ba331f9655d07cbfa208
WordPress WP-Realty third party plugin suffers from a cross site scripting vulnerability. Note that these findings house site-specific data.
68e5167100d03041530d425635011c823f93e89895b31c229d47d02523f7c7ee
Core Security Technologies Advisory - The Windows kernel is prone to a security vulnerability when executing the GDI support function 'RFONTOBJ::bTextExtent' in 'win32k.sys'. An attacker could exploit it to crash the Windows kernel by calling the user mode function 'NtGdiGetTextExtent' with specially crafted arguments. Microsoft acknowledges that this vulnerability may allow elevation of privilege attacks but did not provide further technical details.
4c383dc1dc20874f4383e72d2f073249cf93372d58371b51b38ef7fc56b925b6
Vtiger version 5.4.0 suffers from multiple reflected cross site scripting vulnerabilities.
46e34297293eac83bae71ead7c25d12b59b59c45ffcc8e3a0a616f838ad25e3f
InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability.
23828f2ece7ce5ee132cb50ec95a38c18e45a28fd502c207d11da99c50075f63
eFront version 3.6.14 build 18012 suffers from multiple stored cross site scripting vulnerabilities.
0ff0d1243fbef082f5564e536031f90a1a13ceb825468e90ffd5cce8cde11021
Photo Video Album version 1.0 suffers from local file inclusion and remote shell upload vulnerabilities.
f3876755c36f7ac9243e6f8a55d654c919116bcd7078c7115015dc4c737dd532
The official Vatican web site suffers from a cross site scripting vulnerability.
d803f05012af0c7d4a8ad518230fd5aa68d9934addc4f1e0ac0b93fd249f5c2c
Core Security Technologies Advisory - IcoFX is prone to a (client side) security vulnerability when processing .ICO files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of IcoFX to open a specially crafted icon file. Version 2.5.0.0 for Windows is affected.
e6dff7d349a0e93cb8dcc794915fdfde76e566041ccccf904fc0244c16a59b12
Veno File Manager suffers from an arbitrary file download vulnerability. The vendor has contacted Packet Storm and has noted that this has been addressed starting in version 1.0.3.
80512b799f75ba354914c5888ab9ecd01e3b541be21758a5632997f5fbc2d7a1
This Metasploit module exploits a directory traversal vulnerability in version 11.52 of HP LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically in the copyFileToServer method, and allows arbitrary files to be uploaded. This Metasploit module has been tested successfully on HP LoadRunner 11.52 on Windows 2003 SP2.
3ecfa30b0524d6d84a7b8d523d5b32e43379309197e84b8213bd82d2450eebc7
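The copyFileToServer finding above is the classic "caller chooses the destination file name" traversal. The following is an added illustration of that bug class and its fix, not code from the Metasploit module or from HP LoadRunner: a hypothetical upload handler that joins a client-supplied name onto a server directory, shown in its unsafe form beside a containment check that rejects names resolving outside the root. The root path, function names and sample file names are all constructed for the example.

```python
import posixpath

# Constructed illustration of the bug class behind the copyFileToServer finding.
# UPLOAD_ROOT and the function names are hypothetical, not LoadRunner's layout.
UPLOAD_ROOT = "/srv/uploads"


def _normalize(filename: str) -> str:
    """Treat backslashes as separators too, since Windows hosts accept both."""
    return filename.replace("\\", "/")


def vulnerable_destination(filename: str) -> str:
    """Unsafe: '..' segments (or an absolute name) escape UPLOAD_ROOT."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, _normalize(filename)))


def safe_destination(filename: str) -> str:
    """Resolve the path first, then require that it is still inside UPLOAD_ROOT."""
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, _normalize(filename)))
    root = posixpath.normpath(UPLOAD_ROOT) + "/"
    if not candidate.startswith(root):
        raise ValueError(f"rejected: {filename!r} resolves outside the upload root")
    return candidate


def escapes_root(filename: str) -> bool:
    """True if the unsafe handler would write outside UPLOAD_ROOT for this name."""
    try:
        safe_destination(filename)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample names: one benign, two traversal attempts (POSIX and Windows style).
    for name in ("report.txt", "../../etc/cron.d/job", "..\\..\\inetpub\\wwwroot\\x.aspx"):
        print(f"{name!r:40} -> {vulnerable_destination(name)!r} escapes={escapes_root(name)}")
```

The check compares the normalized result against the root with a trailing separator, so a sibling directory such as `/srv/uploads2` is not mistaken for a child of `/srv/uploads`; an absolute name is also rejected because `posixpath.join` discards the root when the second argument is absolute.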
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allow remote attackers to bypass authentication using the RDS component. By default or through misconfiguration, the RDS password can be empty. This allows an attacker to create a session via the RDS login that is carried over to the admin web interface even though the two passwords might differ, thereby bypassing authentication on the admin web interface, which could in turn lead to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.
09ebd63c7a46949c50bf462317ac70d7ecfe31f97bac6c746f870def7e83e007
EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.
bec0bb61454387d713dc7ce4ade6cefcbc27df7b553ab6873ee83cad51e2a1c6