RelateIQ suffered from a mail encoding flaw that allowed for malicious script insertion.
1965f8f41f4b94ba228c1c5a7e705aaf4253a0394a33dde894eb206d9528a793
WordPress A.F.D. Theme Echelon suffers from an arbitrary file download vulnerability.
0eaf643cace3cd4ee48bc42f9138192f2f3dbcf77a8c32224d60e11ac79ce0c4
D-Link DCS-2103 suffers from cross site scripting and brute force vulnerabilities.
1b747820623f0f30adc18502d9d90b9a424d62981c4e8b89cb19fa11e3abed40
The Soitec SmartEnergy web application suffers from an authentication bypass vulnerability via SQL injection in the login script. The script fails to sanitize the 'login' POST parameter, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack. Versions 1.3 and 1.4 are affected.
bb4d5d778f8965b832cb68b53a487a54d03e9cc70ff109a63b91a3be0a4c7653
This Metasploit module exploits a command execution vulnerability in ActualAnalyzer version 2.81 and prior. The 'aa.php' file allows unauthenticated users to execute arbitrary commands via the 'ant' cookie.
c6579fbbfca38d36e2a6f84933254ca5552f498fbc09c37104f4b62e7c16f695
WordPress O2Tweet plugin version 0.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
646d9b986366525995dcfa2c507f57dabe4f6447d31f30262ae75dacdabe5e28
CMS Papoo version 6.0.0 revision 4701 suffers from a persistent cross site scripting vulnerability.
995a953201a4398317eba7d813f684f1cdaafedc779ceeb291f0aacca6b0d9ae
Mikiurl WordPress Eklentisi WP plugin version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
df9a035052db81f07e5b5e7bd5e70024c89200646829731c9674d76c196db1c4
WordPress yURL ReTwitt WP plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
487248aa9bbe59d02909227ac36aff41fa4aa97417a9e6cf9a4774a5cee297c6
WordPress wpCommentTwit plugin version 0.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
d5c3add6148f7372c1f4339a37688f036562662148a8c69ecb66659d35618014
WordPress Download Manager versions 2.7.0 through 2.7.4 suffer from a remote command execution vulnerability.
34ddb275d5055cb3a01743e4fca6a4ffb4537f87c1b95c998437a4e5e1c60732
Ekahau Real-Time Location System suffers from RC4 cipher stream reuse and weak key derivation flaws. The message payload of the affected solution is always encrypted using the same RC4 cipher stream. When two encrypted messages are combined with an XOR operation, the cipher stream cancels out, so an attacker is able to recover the bitwise difference of the two plaintexts. The 128-bit RC4 key used in the Ekahau setup is trivially derived from the three least significant bytes of the MAC address. The key derivation scheme can be recovered from publicly available program code or any Ekahau tag's EEPROM.
a6ce7b1308744e978d9de9d7f014e08f9af93014056f5d15361dbdf486a9720c
WordPress SPNbabble plugin version 1.4.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
40e5d13856c461690cf62603b22a1499bcea09416e08cde4376649a16343fbdb
WordPress DandyID Services plugin version 1.5.9 suffers from cross site request forgery and cross site scripting vulnerabilities.
326934b7db084938b38b59409fc1ca099f5e5a061add78a0bfbbff97351ab24e
WordPress twitterDash plugin version 2.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
7d98ca7552b1ffc70153ec46af3888968059995a46f62a271ced40a606f65d7a
WordPress iTwitter WP plugin version 0.04 suffers from cross site request forgery and cross site scripting vulnerabilities.
2b6e55ff2e4c236215d4eb3846cedaafdc8bd7fdd55262d55222a611bb3b7fcc
Humhub versions 0.10.0-rc.1 and below suffer from insecure password validation and password reset vulnerabilities.
a0c970925cf93592f6e24c8b8beb06e6c309e87a56aa82420855febf69f24445
The WordPress download-manager plugin contains multiple unauthenticated file upload vulnerabilities which were fixed in version 2.7.5.
079e34e20841af90322c299baf4e66895abbbef7cea8d6d73043669dc843d6bf
This Metasploit module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from the Jabbex class in order to reach a call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. For the exploit to work, the target must have the 'sys_create_project_in_one_step' option disabled.
5a33756ac6f164ee2fb059946d33588c9b36b6022e2d724e212c9716e418d54e
WordPress WP Construction Mode plugin version 1.91 suffers from a reflective cross site scripting vulnerability.
4b3a420c975d97c587880090e2cd44f989c3707e35392b402ae97274917b937f
WordPress Timed Popup plugin version 1.3 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
72c753afa42f6bb5721f768faba120adcedbe9224f33ea06461170cba295de31
WordPress Sliding Social Icons plugin version 1.61 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
07e117089c8d906b6d8d5b4362e33b4c3449ee1ed3e54dbc5dfc5e0107860abc
WordPress WP-FB-AutoConnect version 4.0.5 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
f99c9c7b5f76f4b8a2f3b3fc38343294f5950c78c489cde10a6723a675d4ba84
WordPress Lightbox Photo Gallery plugin version 1.0 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
33298cd9bd72c5f9c115a62a9acb2577cb71061c0eef1456edbe8d941fd58ea9
WordPress Facebook Like Box plugin version 2.8.2 suffers from a cross site request forgery vulnerability that can be leveraged to trick an admin into storing cross site scripting code.
fbd7115249abacc1759c3198313fa977c9d2482a207b946edc53b58573a30152