DLGuard versions 4.5 and 4.6 suffer from multiple cross site scripting vulnerabilities.
7f90a8a77ed1c5f742d1e0e2c10f9d721391131ac104efc1a23ba9b53731aad8
CrushFTP version 7.2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4bb993b2b20fd12f0eb42e87af375dd1fd75bb61d47f7f5e88e9fb9dadf58213
GLPI versions 0.85 through 0.85.2 suffer from remote shell upload and privilege escalation vulnerabilities.
f5b80298d939a19b4ffcc07c8c53c9cc5f86bdb4925fba287223122335d455db
CMS Piwigo versions 2.7.3 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
a239ce6003e18af06c3d05e3db3bc45937ee44ec70f7ce065e378520fa3c3ef1
Ilch CMS suffers from a cross site request forgery vulnerability.
6516a3c9a997c8ee3898b5c0d3fd7f6b447fded88fe4d794fb0562bf26b8a17c
DLGuard version 4.5 suffers from a path disclosure vulnerability.
0a998d81feaa057ebaffc5d066b6674ef1aa32cd812f148a950b3340f5968bf9
Agora Marketplace suffers from cross site request forgery vulnerabilities.
e5c5c4a15d7246ab39f02df4daca8710e7b8e399fd2232a5602488d41b5ca0ea
This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
4db85b31081245af192050fe8238d0162d228493f03b7b13875c3b7820cfcf47
This Metasploit module takes advantage of an insecure Java JMX interface configuration, which allows loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing use of javax.management.loading.MLet, having a security manager that allows loading a ClassLoader MBean, etc.).
613d2a6ea0710e79632bd00382a3b337e054c8c877f492ee49389de90972e239
GuppY CMS versions 5.0.9 and 5.00.10 suffer from cross site request forgery and remote shell upload vulnerabilities.
9a3a91d62ffa8289884c5091a6ca64c976b4470ba86c18aec9bebc32fad89d18
GuppY CMS versions 5.0.9 and 5.00.10 remote authentication bypass and change email exploit.
36e3e2286e3151843a486f4cd508000884e24b197a7a6d028b671071e13baa93
WordPress Image Metadata Cruncher plugin suffers from cross site request forgery and stored cross site scripting vulnerabilities.
a71d4db68d33bab99d72ce08102acacd4dc6e74c00da2d2005ee5a51028d788f
Remote exploit for changing DNS settings unauthenticated on the D-Link DSL-2640B.
16ab1d79cb7cf86f00b8d3d3e809b23c74f2de54632f5804f5f0d5dc9ed96331
eBay's Magento application suffers from a malicious script insertion vulnerability.
98046449149e9e2050e711f04559c114518ccffa68815ddf7538d67d5a826afc
ES File Explorer version 3.2.4.1 suffers from a path traversal vulnerability.
b664b0fa935a7e23700055f21d93485cc52bc04420786148ceb2c3350d171408
Fat Free CRM version 0.13.5 suffers from a cross site request forgery vulnerability.
442a65cc0ff12a8338a1bfb92aed80cdcbb7b3497d728aaeaed5566a30d0f705
AOL Search suffers from a reflected file download vulnerability.
fb438cd4db45037abd6bf7b94f9a3d651305ea5b38fca8aa811794c2bed1d265
WordPress Image Metadata Cruncher plugin suffers from multiple cross site scripting vulnerabilities.
03374629cb90ac9ad07c551d52888620730e4229b15078ab8e1bc32f5ad9f8bd
Cosmoshop suffers from a cross site scripting vulnerability.
3a5e674c472acb0da22de2b4fe8eb6999aaedf57bf00a44f5c67812ad8a330b1
UNIT4 Prosoft HRMS version 8.14.230.47 suffers from a cross site scripting vulnerability.
a4f3ec7feceab6a3f99934e46758de2c2efe2b7b713bcda776bb1b9bff55099b
Landsknecht Adminsystems CMS version 4.0.1 (dev and beta versions) suffers from cross site request forgery, cross site scripting, and remote file upload vulnerabilities.
4c501213b8e037592e532e7fae3832f0793801bcd2630eba52f3f0dc202b7076
A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query. Proof of concept included.
34b002a3f907250f8f492040b56ddae24228180c80888d6f1fb7b330a3c1d5ba
A bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform a denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash; the device only has to receive the malicious email.
ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78
eTouch Samepage version 4.4.0.0.239 suffers from remote SQL injection and arbitrary file read vulnerabilities.
3d132193ed477d7d4ba1937eda3c2f767b2192990404bb7846361beb567d88c6
Cit-e-Net version 6 suffers from multiple cross site scripting vulnerabilities.
526bcf6a66b8b5bd0787352fd099676df823fb8295c9426bd68b5ec9306b352a