Lantronix xPrintServer suffers from remote command execution and cross site request forgery vulnerabilities.
ff6469302e547e01bb9030847093051785ad3cc7d9ecacc094da02afa766ef4f
CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions. Affected versions include 17.1.0.572 (X7) - 32bit/64bit (EN) and 15.0.0.486 (X5) - 32bit (EN).
d61e01adb66b6c79e68ff44e6a3ed5a2754e9b02ac1089137243b5f364608afd
F5 BIG-IP version 10.1.0 suffers from a directory traversal vulnerability that allows an authenticated user to delete any system file and to enumerate which files exist.
48c9228a0d762c37bb5420392618ef603f34d99d02096e06b809d1aaf78e9bb6
Monstra versions 3.0.1 and below count login attempts client-side in a cookie, allowing an attacker to completely bypass the anti-abuse functionality.
e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a
PayPal suffered from an arbitrary code execution vulnerability. A filter bypass and a persistent bug were also discovered during testing of the same vulnerable parameter location.
fed3658f23386986e4d659208a3fb49d27afdec96066ad71c77c587d4346e94b
Microsoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required.
67ef05e93ca36b2752d2f86818c0b19ab0cdbed8a586badc23f5f694ed829e86
Piwigo versions 2.6.0 and below suffer from a remote blind SQL injection vulnerability.
8e34aa5cc38234e00ec76daa8cd462763d9355b1d33754d7f3b38738477d41ec
Eleanor CMS suffers from an open redirection vulnerability.
84411384c7aa25e58ed05f7ed500b0c0f671a12c0994b2a76e3965c107e7b735
KoschtIT Image Gallery version 3.2 suffers from a cross site scripting vulnerability.
d995444066c1089280796083a3293f20919b5d37944e1a2be12d1a7cab2a8a5a
webmail.mit.edu suffers from an open redirection vulnerability.
71230acbb262cb99d7292fd923315777ab2695cda3d14a7cc42d66e422911466
PHP-Fusion version 7.02.07 suffers from a remote SQL injection vulnerability.
2249d0cca1dcee7f7c100fe42427bb2711d8fd3554f226cd372966d7f53926fa
Progress OpenEdge version 11.2 suffers from a directory traversal vulnerability.
2a7af6c9e05a8a5ed21c61c5a6187aa19d5abef257d9b8271a276a0e2a7a0f0c
Microsoft Internet Explorer 8 MS14-035 use-after-free exploit.
e3033fb7f9cb434533a100773bbe5fe178c4d89890c26940b7e6ed828fea0b2a
Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.
333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69e
Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.
d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061
ZXDSL 831CII suffers from a cross site request forgery vulnerability.
843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994a
IP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
1029fca8f5a270ef99408d415c08dcdd94232176b52896c8e45f98f4907417f9
X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
c0f412e75d49e1016a81bfc9b778be1b4b23e45e968f63e05b4d8159c3fdf6cc
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0
Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities.
5f8f9ebe071b8c050eea45fd8ab2cfe66c95dbbe6b9b588dc687571121b75611
Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities.
8e3cc50618209d35d2db5cfcfaea563a32e2c93be193dbca495188aee7164dae
This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations accessible later through the web service. Authentication is typically required; however, a 'hidden' user is available by default (and is non-editable). This user, named 'Scheduler', can only log in to the console after any modification in the user database (a user is added, the admin password is changed, etc.). If the 'Scheduler' user isn't available, valid credentials must be supplied. The default Admin password is Admin.
8a3b765845b48b56bd638e90b38b71b9b937f492e8f972a8b7552ad9f1f4c4ec
PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.
5a555cb13c0843865e07033eaedb436a8099f4e34444c8759e1631d75586f410
BookFresh suffers from a persistent cross site scripting vulnerability.
91e749731d9d6e88e3a23f12ded9479d506b87d60cf3ea412ed286b913acf976
OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.
e90b305cda305ae3ab8aaa3cf59b529eb43f81db98e02e577ac0b8865f49f4a4