WordPress DT Chocolate plugin suffers from a cross site scripting vulnerability in jplayer.swf.
ca76d61472f76097e13b9dc8f3d2445a0b57ee437e584cf7eeaa019947b86eb7
Appointment Scheduler version 2.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
c862a29944969863f0975fcc7d158a1e88bc1056d42e23427041ef26085170b4
Car Rental Script suffers from cross site request forgery and cross site scripting vulnerabilities.
f875528451adbf590ff5d42e8db5528e9767054b64d9a39838371b6e8e9ebfc1
Event Booking Calendar version 2.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.
6e48051ca41d4a5840ce63add66a1bddb3bb21040e2895174b0a34fa26916171
The piggyback parameter on ads.yahoo.com is prone to an open redirect vulnerability. Yahoo! addressed this by simply not fixing it and removing it from the bug bounty scope.
50c6a4f2d1b103f3063eff08517e16411735828edf4dfd0f56e57844ec8da341
Conceptronic camera CIPCAMPTIWL with firmware 21.37.2.49 suffers from a cross site request forgery vulnerability.
c936953abc9b003cdedd3e88f2c0d79e0d4917e23725676c6212ee65de3ad7d4
The Joomla Aclassfb component suffers from a remote shell upload vulnerability.
9d0fb8ff59906454f8f77b6cd1a8d6cbd5c42f068d8b4fc058718a4e32f3316f
vBulletin YUI version 2.9.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
70b04ec197f8e63c02b7663b1a4b2d9d18521f1c0c32ac2e1970802272e3fc06
This Metasploit module will cause remote code execution on several SerComm devices. These devices typically include routers from NetGear and Linksys. Tested against NetGear DG834.
9b733578aa9b9d3b0e314171f950e5b06d7e37d888dc961f586106abfaaeedec
WordPress NextGen Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
2048dd3332f93135c9fa534a0d715495878f18701186d45dda32ab9eff032a79
The Joomla Melody component suffers from a cross site scripting vulnerability.
6102f20c0e44aa4040f3c629757e685bd0741d329ca67792e2fd597dab8e54ad
Burden version 1.8 has an authentication flaw that can be exploited by a remote non-authenticated attacker to gain administrative access.
37b074fcfd1268b4c2a6f2caa51871c515255ca4a95d417dbb255ba1040e51e3
WordPress WP-Members plugin version 2.8.9 suffers from persistent and reflective cross site scripting vulnerabilities.
385a5905db87d16b541ccca93a3f6fdc33d755988788c62aba7d2398acab7e99
Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities.
c4a8ec5246cde659f575cae4546093150061579f6c6c6713fe4b0a2f20435884
Eyou Mail System suffers from a remote command execution vulnerability.
9eb2afa048f0423a66d6d70e5d349f8ff7afc7986f519cce410651a890eb14ce
EZGenerator suffers from cross site request forgery and file disclosure vulnerabilities.
0105ea969629a0b67c5dee553ed0d9e82c41961d40576436de6c749be569fa15
CSP MySQL User Manager version 2.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
657bbaa377192ebc2eef6b897b2b4fcd8ece308cf0861143d569a083eff2e675
Built2Go PHP Shopping version 1.x suffers from a cross site request forgery vulnerability.
c88f0c657889d78d03a3fe805274b562dc61938b49f2435de9ec600fbd7d9f55
UAEPD Shopping Script suffers from multiple remote SQL injection vulnerabilities.
e6d58afc0a7ccc372d19bba4b96af7e5bca4d4f6d3b3a9bc0d6cb35b8f1f58ed
The initial observation was that the Linux vm86 syscall, which allows use of virtual-8086 mode from userspace to emulate old 8086 software as done with dosemu, was prone to triggering FPU errors. Closer analysis showed that, in general, the handling of the FPU control register and unhandled FPU exceptions could trigger CPU exceptions at unexpected locations, also in ring-0 code. Proof of concept code included.
c0d7b7b3940841dcb9f666f46a4adb35352ef1442a9a3e3f3fde132e5689e1ef
Spamina Email Firewall version 3.3.1.1 suffers from multiple directory traversal vulnerabilities.
c2e61c56d5fe28f5d6fee6b4c1a3e0cc6c2f56409908e471f9bd8fd501c9d352
GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities.
673085354c1aa7a5d4988c8b7f096e0d825a07b9c4a4d58be0153ed65f72251d
Dredge School Administration System version 1.0 suffers from backup disclosure, account disclosure, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
eaa701db8fbc9aa704db6e8e1be81611fe3f74c47f614015cbb7b7a87085e20e
Middle School Homework Page version 1.3 Beta 1 suffers from cross site scripting and remote SQL injection vulnerabilities.
fcd3ad9c7685362a7f5ddb3ff01ea249fd41a62d27a1e24dce1b1576f9bd6707
Command School Student Management System version 1.06.01 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f21fadfba66ed93c307bc2f7a2247cee0d8a016bcb82c7f40566e62dc5b4bc10