e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
56bd876fd3e9e58a94c3248fcca4128f67bd75df9310ba5fdddc5ae0a7a6879c
Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
d1476599affa41b884dec786579a526abb8aa5d7a7e7ce2a41d003a8d5c21aa6
Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
19ce2a94ba7b3ac977579971c45cb86e989ade80fc0002971cfee5378a52f153
Joomla Youtube Gallery component version 4.1.7 suffers from a remote SQL injection vulnerability.
8eb97c488001bd59478d014e3535c51b5f47ba324ae8929abe3595af874685f8
Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.
5132ad0d776021270916cb7e3a628f5ae97560841c95e08123603a834cf8f018
Open Web Analytics version 1.5.7 suffers from cross site scripting and remote file inclusion vulnerabilities.
4b3162ed902e22cdb6df8c7de9319eae0d70804ef2bf9685c2ff32894c2d0b84
Proof of concept code to exploit an NTP amplification attack. Written in Python.
4825e58fe082ae9df2ef9e5db59a2b9dc9323b9a9efec7171608ac233a55b7c7
Boat Browser versions 8.0 and 8.0.1 suffer from a remote code execution vulnerability.
15064e206d7c3a806c6cccf757aad7b42f8819d6495051b1bbb5a37390b2fe12
The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used when handling AJAX file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upload folder. Because the plugin also uses its own file upload mechanism instead of the WordPress API, it's possible to upload any file type. The user provided does not need special rights. Users with the "Contributor" role can also be abused.
3b83080229ddf1398d4c0e14805e19037ba1387ba609af42952912ac8e1c07bb
Browserify versions 4.2.0 and below suffer from a remote command execution vulnerability.
e8919d2a8ef51b9aa8f5d664f2a60bf400d82492defbb3819624caf491329efe
A vulnerability within the VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.
23d2e313c1427a208d2779f1e9be216e6d3f6f4025a67191718be30d6c492262
OctavoCMS suffers from cross site scripting vulnerabilities in its administrative panel functionality.
959d307a49e3a67b8d7ac7ec862c293249bd9716566f7d28742b776f11e9461b
HP Data Protection manager version 8.10 suffers from a remote command execution vulnerability.
72ed8aa446b8dbbc1ffeba0993da64ecfc95fa1b6da8e80ef2701ad611f32d1d
Flooding an Elipse E3 SCADA PLC with HTTP requests triggers a denial of service condition.
65f5fc97bc8d00f15669db0bbffd8cdcdca03af1247dd6f844cccec55d045fbd
Sqlbuddy versions 1.3.2 and 1.3.3 suffer from a reflective cross site scripting vulnerability.
c03dd069f7f44d259ec27c3128ecdb5bcb085ac70d888a16525eac72a1d4180d
OpenCart versions 1.5.6.4 and below suffer from a PHP object injection vulnerability.
663873769c470a4e3c4873762728fbfdc6d21b8ca404b7e2e387b6e5ecd39c4e
WordPress Tidio Gallery plugin version 1.1 suffers from cross site scripting and remote shell upload vulnerabilities.
4cf61990f3046e00682cebed16ac681c320e26535c3b1ee57aec2aa0f1b6ff6e
WEBMIS CMS suffers from a remote shell upload vulnerability.
96392e19f615236ba519d6d55815c7771af73e6df1a82b98a57fd26dfbc83d08
WordPress CopySafe PDF Protection plugin versions 0.6 and below suffer from a remote shell upload vulnerability.
43d587958f6cbd2b437cc72de392e89b6deef2dd6b31414582cadb949647c033
User credentials sent to united.com did not transit over HTTPS upon submission.
b8e25796c63cdf0f3589e2be7707e41dd0340542c486725ce5ef88b491926261
WordPress DZS Video Gallery plugin suffers from path disclosure, cross site scripting, and remote command execution vulnerabilities.
e5fcc59b2473a572157036fd97f7420ad7408afc32ba7cb61ba10065f6bb6680
The Private Tunnel application suffers from an unquoted search path issue impacting the Core Service 'ptservice' service for Windows, deployed as part of the PrivateTunnel bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. OpenVPN version 2.1.28.0 (PrivateTunnel 2.3.8) is affected.
1982811cca8c4967ad80bdbb680ede09b9ad33b3645539f9d125c817aa9bbe3a
Schrack MICROCONTROL versions prior to 1.7.0 (937) suffer from cross site scripting, weak default password, and data disclosure vulnerabilities.
ac3daaa3ec1fea3bd206d4c88bfd45b9b0def76b61c4b06bde03b01f98f45c67
Shopizer version 1.1.5 suffers from authentication and authorization bypass vulnerabilities and also has a hardcoded default encryption key.
3151b133fe3a990ab5b4430efd7f97f3a1ea24619f03afeb2acc81fee40ad78c
Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.
e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d