Aruba ClearPass Policy Manager version 6.4 suffers from a stored cross site scripting vulnerability.
56fc1e5abc70aa4b06bce984674df0bb39093a580845e17c217bedabcd24e62f
extjs suffers from an arbitrary file read vulnerability.
25c706347c312a1dbec64e7145f83ad3ced43c430111d99c2af5d66c8674f7a1
Synology Photo Station version 6.2-2858 suffers from multiple cross site scripting vulnerabilities.
927478dedc2f46ddf47bf2eba3a71f368d3eede44841b733a91812ac2f0c7fe4
Synology DiskStation Manager version 5.2-5565 suffers from a cross site scripting vulnerability.
c70cd82b2c879cc9faf4d63e2542922479c5b742ab89fdf1e169021d4de5a076
Synology Photo Station version 6.2-2858 suffers from a command injection vulnerability.
7036f18e0c6a38dc59ea9beaac1cea09173f31c896f8abef0c736a5664dedf77
Acoustica Pianissimo version 1.0 Build 12 suffers from a buffer overflow vulnerability.
5b4e71656a5e56925fdd005d4978caf3ef93325e716e7619d25c2a02ea9be455
WordPress Landing Pages plugin version 1.8.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
38c93b584c4370e8a7448be532e3f9ddf49a3199592125e65aea3e71c9a0a8b1
WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities.
c21475a98b02c9872e5a37cf40c15b71b1986b1e59d0d40ea8f9648d635eb20d
WordPress Church Admin plugin version 0.800 suffers from a persistent cross site scripting vulnerability.
644b4b676956c1abe46ee05aed38b45a753085c0835c7ebf5f82dfeb84eae8ec
WordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability.
c6416d8e44d2b5ff46c60336bc975b7742a4a66c4fe4b8de55f81ba500e1c382
WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a remote code execution vulnerability.
582145284854aac7ad3c3a38aafe49d11fa99d1393cd594bd61e289d08ddb5c3
phpwind version 8.7 suffers from an open redirection vulnerability.
2cfb428d9695da5e3fbaec0790c4d01de2be804abe377d5a13949da00f0523b1
phpwind version 8.7 suffers from a cross site scripting vulnerability.
1604166fb1c18e5c1d11256ee06a7d58052ceebc51c063aba57f96fe039e1a21
Vesta Control Panel version 0.9.8 suffers from a cross site request forgery vulnerability.
c2645b4a8ab272752f3327b66ce8adc1b4aa50f89c60265a5dccd5488f217b87
WordPress Estrutura-Basica themes suffer from a local file disclosure vulnerability. Note that this advisory has site-specific information.
7e6fb03ddc410197b89cb711c3d7b49bcfd1effe84cbf71e952385fd8909c84a
SITEFACT CMS version 2.01 suffers from a cross site scripting vulnerability.
25fc86df1f84c88ce94127d44b4351010b9f51233038fbac3801b2f2a88e0979
Gcon Tech Solutions version 1.0 suffers from a cross site scripting vulnerability.
78e2c8b0a4ea364a57ad54d204934326bc489abb43255c9176bf33aad8567441
Gcon Tech Solutions version 1.0 suffers from a remote SQL injection vulnerability.
6ccc427f0a64e0f68d55e041ffc40efc5beee7b19b648e187aee34eae09cc753
Fuse (fusermount) suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.
b50e101f0fd8a29c70f51dd4db578306c1a77f5520e6a8b981293987baf4ba67
The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service provides the possibility to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please, note that the System Update is stopped by default but can be started/stopped calling the Executable ConfigService.exe.
a1b4e2c233f7b4436e33e4531fa6f85ed939d5f69470091600ce9b27ca87965a
TCPDF library versions 5.9 and below suffer from an arbitrary file deletion vulnerability via object injection.
d85aaaf04782eae8912ed94a4cb59fce8b367a908734638e2ca9f22c8b5e762c
WordPress Video Gallery plugin version 2.8 fails to protect email functionality allowing it to be leveraged for spam.
b38dfee27a4c0e1d32faae66624c949bb13653c914e633032fe3b5a39ed22b21
Core Security Technologies Advisory - Sendio ESP (E-mail Security Platform) is a network appliance which provides anti-spam and anti-virus solutions for enterprises. Two information disclosure issues were found affecting some versions of this software, and can lead to leakage of sensitive information such as user's session identifiers and/or user's email messages.
e11474848d575d94bc3dada06c86583e82c5a7ffe114e1c931a34769da9a4783
WordPress WP Membership plugin version 1.2.3 suffers from a privilege escalation vulnerability.
e61bf669773c2f5f27ac77cb45ed738f2bf04021b88a306527b0fb6085f0a6e2
WordPress WP Membership plugin version 1.2.3 suffers from a stored cross site scripting vulnerability.
36766decc9aa89c69fc6d423d64aea2c87507fd96654d86e772666c5f5bca00a