SWFupload version 2.5.0 suffers from a cross frame scripting vulnerability.
283ad27ae5c9a13078f97e8a54234064217dd402919457787519f9e2a3593820
WordPress Revolution Slider plugin suffers from a local file disclosure vulnerability. Note that this finding houses site-specific data.
720a49959bd9a6132917146b6e2e88c554c60a190b1b5cd3ab7232e9197dea43
Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing "admin" account limitations. The vulnerability is due to a weak algorithm implementation in the password generation process, which is used by Cisco to remotely access the appliance to provide technical support.
7aa6e441f68e79df13353d80a424cccc6714794a6a89f8ed099d5267e077478d
ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability.
c5fe07e7b05786d6f07d6f09a432fc4fea83c7125de5549570e1eaafcc13b2a5
ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote user enumeration vulnerability.
b0b6bf9a9dab1ec3d533b6e5cd4cc1c40202b20474bcd7c7949b11077ff22ef3
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.
1c879d55c033a0142d5afd25967e70e6b4b9946140355cc35138584d329406e7
ferretCMS version 1.0.4-alpha suffers from cross site scripting and remote SQL injection vulnerabilities.
e833ccba84d5f20433f71ab680b92585696d02bcf2c559cbe91d1e54827ceb49
SmartCMS version 2 suffers from multiple cross site scripting vulnerabilities.
d555b444dbeca536ed18b052a1222905eb7bad519789a5478cf859d96838bbc8
SmartCMS version 2 suffers from multiple remote SQL injection vulnerabilities.
e1e15790d42f90cde2cfadfe486a281cb2d46f6ec3aa8cb911ff47fef02976c6
Program-O version 2.4.6 suffers from HTTP response splitting, cross site scripting, and local file inclusion vulnerabilities.
76658244af3e987274e86b16084fa6ffaf0d26aebcfead558ea9f4ca01983a80
Versions of the USAA Mobile app for Android prior to 7.10.1 suffer from an information disclosure vulnerability.
5885b9f88356cacbdd18637c155b3a61531b959d43dbc55fb93a82fdcff79bdf
articleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.
a7eec6dd3bb01b1d47f2da23b35af63ca219b46a7c1690081c0abac2fbb389cb
Various Alibaba sites suffer from cross site scripting and open redirect vulnerabilities.
4122adb3397a297f4e601144cc131e86b766b44301d48f154f47babf55aaeed6
ecommerceMajor suffers from remote SQL injection vulnerabilities.
130972cbcc57088872f5ad921761903a21a4ffdef387d6ce66b050a87a8f21e4
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an MD5 hash of a valid username.
a3a633df95163ac8abfd1b19d769fa3b73f2a1713b3feb2b4d0ff3be073861e7
EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.
da0f4374ef92f5ee3eea2636f7aa15246d345cf90fa0777320bc476ba11a4c44
Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.
704e29f5301856f265965bf91b0847bbf30b4043a406207865521cb452b58b6d
X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.
555b632a4f5d3cfbee4028e75235fa7360c2220cfa003692dc1d0d40899feee8
Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.
c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7
Exponent CMS version 2.3.2 suffers from a cross site scripting vulnerability.
48c6e80dad6478f82d642f57814f2a221955d4230c4eeb2b6b29cf0bd4259847
osTicket version 1.9.4 suffers from a cross site scripting vulnerability.
8003e3196ed9e2fd6b263aace480f15a18ea6434721e52f87dd4a81d355e4753
CAS Server version 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.
acdd49563e5c313169658b0544468eb337857711cbf273a6c35da6f861cdb17c
The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the web interface during a MITM attack.
b874a9011fb2ca0d221ff39d36dbb4e90c05998298389c0f0392ad2528babfbe
articleFR CMS version 3.0.5 suffers from a remote SQL injection vulnerability.
cf0e954b5df6aa5ec410aaab404196e221790b3b12e65427bddab5a4f981b512
OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.
4eb96b629d8eab7927b29a5ec7a9f92753cd3f849943a9328dda80e152688d6a