WebGUI version 7.10.29 suffers from a cross site scripting vulnerability.
3d3e6b21fe45432b0e40db0c1889193862c287262d17d520f6fe75f10e008edc
File Pro Mini version 5.2 suffers from command injection and local file inclusion vulnerabilities.
61cea2d0f359c24b386460b827adaf2a360bd5c83cb5f78946a2cc9790c4555a
VeryPhoto version 3.0 suffers from a command injection vulnerability.
a176d6e3ecc622dc3aa6b5a3e580652f3cd38b8d3c1db5d1822ae3490e2b1984
Sim Editor version 6.6 stack-based buffer overflow exploit.
0f061824fc59baa0d38bfd9364ff194c26e0a2185d52c693740a5897afacaa48
Facebook Mobile allowed for a name change prior to the 60 day limit.
e9022186bc9182406a9f7e6e9807d1d8c75ccb9ffbc563e752cb736aac563f8b
CatBot version 0.4.2 suffers from a remote SQL injection vulnerability.
8ca8d8041febb4bd7e87451a3b49b4a0db8053b94320613163e2349fd83ba080
Pandora FMS version 5.1 SP1 suffers from a persistent cross site scripting vulnerability in the SNMP editor.
e6fd854ee49192290abf5846acc7a072a9debbbaa248635f0fc0042fbd716a1b
The function CryptProtectMemory allows an application to encrypt memory for one of three scenarios: process, logon session, and computer. When the logon session option (the CRYPTPROTECTMEMORY_SAME_LOGON flag) is used, the encryption key is derived from the logon session identifier, which allows memory to be shared between processes running within the same logon session. Because this might also be used to send data from one process to another, the implementation supports extracting the logon session id from an impersonation token. The issue is that the implementation in CNG.sys does not check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken), so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session. This might be an issue if a service is vulnerable to a named pipe planting attack or is storing encrypted data in a world-readable shared memory section. This is the proof of concept code that demonstrates the issue. This affects Windows 7 and Windows 8.1 Update, 32/64 bit.
4209894f8317e6b800fd3d23f74c828d6c6e1b7528046ac121ee759f36fecc03
Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.
a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950
This Metasploit module exploits a stack-based buffer overflow vulnerability in GetGo Download Manager version 4.9.0.1982 and earlier, caused by an overly long HTTP response header. By persuading the victim to download a file from a malicious server, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.
d221161463d2ce4c841da81d4b8047cf3a870adfd262c14d29a88c0aff92cacf
On Windows, the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries, as that operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine whether the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then compares the user SID in the token with LocalSystem's SID. It doesn't check the impersonation level of the token, so it's possible to get an Identification-level token from a local system process onto your thread and bypass this check. This Metasploit module currently only affects Windows 8 and Windows 8.1, and requires access to C:\Windows\System\ComputerDefaults.exe (although this can be improved).
36677bd1211abded7668cec79a01236adc56ce9a61fd946306e8c8d33aefa513
WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability.
7903268191af99e0f4af1ae087e4cd87915db78de06194ae76e97b648cdc5af7
Proof of concept code that demonstrates a bypass flaw in Microsoft's cross site scripting filter.
0875f3451496c71e7cae3de5807a25a36dee4a8152a23f8e1981178604c35d34
WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability.
3a17fedccf065dba2df2c8cc06ab986128e6739ee172a59e2c48817e94704d18
Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from an HTTP header injection that allows an attacker to inject a file into the HTTP response from the device.
ded2a0627c3a429a64de38ac35a2932ed3eba1561ee7e5b46f1a77886f913fdd
TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.
0da3668d93c5d907fcfe6b8abc0ab9b5251abb5997b3d5d0d8042ce947378c29
Foxit MobilePDF version 4.4.0 suffers from arbitrary file upload and local file inclusion vulnerabilities.
5f85f991b9a8dad94c8ffd8d5807d15fd8470726411c60a63efafc1858cefbce
Blitz CMS suffers from a remote SQL injection vulnerability.
c66ceb6f433e98cdcfb6154dfe4e13c116eb212f54de99cc44c88cbcb6870da4
Sitefinity Enterprise version 7.2.53 suffers from a persistent script insertion vulnerability.
bc702250ffdaf36a6363da46fb048aa11ee62eed45197602c51eac283f6341bb
Ansible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing vulnerabilities.
6e3115b310156299b33941a1b818a51f6f4f245f77904472bfc207672fab5870
Congstar Prepaid Internet-Stick suffers from a buffer overflow vulnerability.
b161408db9940a56935ea3d2849edc91522ac265879fb0edcd77fc15f1807ba5
T-Mobile Internet Manager web'n'walk Stick Fusion version 8.01.2015 suffers from a buffer overflow vulnerability.
6c14082d057cbbddf70192794e7aed3390eae31cd95dbd6f2dabe41eb835f51d
CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.
4b95a602e4064b14c1925613d95f0cd6ab4878e0ce547bf1e2ca309b92c192e4
OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.
8c9dfd0cb0115429d6229b818d3e69f753cdd59dc26b6381a12ffcbf5264ccda
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.
a50ca06a0203967966d658916c7f43401c0a173e68ebcbb744f3d6d302b27721