Dell SonicWall EMail Security Appliance version 7.4.5 suffers from persistent cross site scripting vulnerabilities.
0cfbd724c69d47de7c17ff8278ec80b9408046b5efab05889637c9e367bece9d
Gummy Bear Studios FTP Drive + HTTP Server version 1.0.4 for iOS suffers from a code execution vulnerability.
b239f066427e1022589e0ecbdd1ac1858155184f9aae8a056e457651de06e2eb
Monoprice.com suffers from a shopping cart enumeration and arbitrary modification vulnerability.
7b9f5cdc8364d0860d1cf8260917384a3a43ecb7c6e7ba1fc99e01b8224f6e12
LinEx suffers from a remote password reset vulnerability.
569bcb618840b33281332aff7f027c187d8587d4ff30e0e14d3c71181a5ecbc3
Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.
71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06
DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.
4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85
The Allied Telesis AT-RG634A ADSL broadband router has a hidden, unauthenticated administrative webshell that allows for command injection.
e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51ca
VirusChaser version 8.0 stack buffer overflow exploit.
6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101e
CouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6
Cart Engine suffers from an authenticated arbitrary code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in several modules through several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/public/image' directory. Version 3.0.0 is affected.
96827d831045ae34ca4e250341d2bb5d34d2c393b7e1b2c30722378dcbb33018
Cart Engine suffers from an authenticated local file inclusion (LFI) vulnerability when input passed through the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected.
e6438c80cea51cd67f5b475b75797244bde2786c6699715eb2d377adccfcc5eb
Cart Engine version 3.0.0 suffers from a database backup disclosure vulnerability.
c7cf38ab11e6169d1cc1ba8f453fe47dd8768354389975edf2b1d86f00798b8a
Kemana contains a flaw that is due to the 'kemana_admin_passwd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information. Version 1.5.6 is affected.
a05a7aa326979bff6b52716919249f5f27c6dfe85a75b89136e3a0640f8527f4
Kemana Directory suffers from an authenticated arbitrary code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in several modules through several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/public/image' directory. Version 1.5.6 is affected.
0a9db43d181684d4b67300a7a8625d1771c50ac3101d708a1e0875bb7283adff
Kemana Directory version 1.5.6 suffers from a local file inclusion vulnerability.
8280cb54fa2414d97ddda5ca6dc643d446370afef4e1233e02d3910a6f6a12ce
Kemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability.
b881b2ca8151d4b9ced7f6b0bad082ecdb8a0d92afb40a6cb9b480ebe7e085d5
The CAPTCHA function for Kemana Directory is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. The function 'qvc_init()' in '/includes/function.php' sets a cookie with a SHA1-based hash value in the response header, which can be replaced by a random SHA1 computed hash value using a cookie poisoning attack. Successful exploitation will allow attackers to bypass the CAPTCHA-based authentication challenge and perform brute-force attacks. Version 1.5.6 is vulnerable.
0bbff6971475a515bf53c4adad31d393da5d381a7dab0bd0af11b3b1eca540c9
Haihaisoft HUPlayer version 1.0.48 buffer overflow exploit.
312f190b56156e4a5cc161186004f6f6ab66d996805794fdfcf9a134f23fdba0
Haihaisoft Universal Player version 1.5.8 buffer overflow exploit.
1eb1a1c521bb6b91b7db8e8b5979e0d6f55e3c47414fda473f5fffc0a00327af
OpenCart versions 1.5.6.1 and below suffer from a remote SQL injection vulnerability.
703149d4078abdc95ff0f473bd181a93a4f3386cdce4320a2ca8744e981ee3f6
This Metasploit module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
e0371216c7f1d8860897ca9e5f3d083fc1371c2aca741321b8cb6ff295f73dbf
InterWorx Web Control Panel version 5.0.13 build 574 suffers from a remote SQL injection vulnerability.
afe204bd4b2997915e002624fe94d4bf76d844faa9571607108500b7840dbc16
EDITStuff version 6 suffers from a remote command execution vulnerability.
06f370fb97a0e7da39a9a0cbebd48d7b55eb97d5f9bebf21fd64712e2f49061e
iThoughtsHD version 4.19 suffers from cross site scripting, denial of service, and null byte injection file upload vulnerabilities.
b199b6f0f1f8a2eca6898cd60ae8f911d2ac84d212c86fb60f88639298107746
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent).
efca4edbd5362527ab761c155c785c794bfe447ad8520c997f75d88b0393b019