Adobe Connect version 9.3 suffers from a cross site scripting vulnerability.
34a15972095ac3667591b4ca3b3d0af98fdb37a6c638e54bcdd4983279790c3c
WordPress SE HTML5 Album Audio Player plugin version 1.1.0 suffers from a traversal vulnerability.
81424b362836e1f87647f0d8767db8affccfc69ef41a140b10eb979f0ded8ac7
FC2 and Rakuten Online websites suffer from multiple cross site scripting vulnerabilities.
1fb62bc8f5ebd900d982563a1cfdd52226e4525623179b8e65ae73c93e3ec037
Projectsend r572 suffers from a cross site scripting vulnerability.
cc435eb98777bd119341c098258b2689927d36a6df2cef54892ebf0eb790ce7a
Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
782706b36ec37423bb60b4189000385c972cba361ddd33631487a01b1346633a
WordPress Aviary Image Editor Add On For Gravity Forms plugin version 3.0 beta suffers from a remote shell upload vulnerability.
03e9ff17bf85e1c419744d224df38fb57c911c3c1e198198d29bab2ca183658f
An application-side re-auth session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without the second forced re-authentication module.
c42e20e6af494c024a32d6288be639d91cf860dcc07122b0e4ede8924d4698c8
Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.
101abb232873cca16dc19d18de85b3977b7db101c7823334f4b70fcada3423a8
High-Tech Bridge Security Research Lab discovered use-after-free vulnerability in a popular programming language PHP, which can be exploited to cause crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause segmentation fault or possibly execute arbitrary code on the target system with privileges of webserver.
97375f017fbc6339f20309d1873f364d4f4bb2e3171ae12a6883001f4efb66fc
ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
7b20edde24f0f1fb2d963049457764c5312fb3b6037c0261c180f81ce8d63252
Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.
318aebbb7238bd95d83a383ed6cec374ab8164e93742363befdec484d42c0016
During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.
ebb5b0b74f92ebf4cf2025ae52d59a24ba40fc8487415190d9d0bd7efdc814ad
During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.
81e6be2bf4112b23f31a9a4eb65f9147c563e93f5117e6190c5f3a95354f3823
Article discussing the SSL 3.0 fallback and POODLE vulnerabilities. Proof of concept code included.
c1251d89447f8978856d0cdde22d5bce6781a9bf91742126bb037c8054e02634
This Metasploit module exploits the SITE CPFR/CPTO commands in ProFTPD version 1.3.5. Any unauthenticated client can leverage these commands to copy files from any part of the filesystem to a chosen destination. The copy commands are executed with the rights of the ProFTPD service, which by default runs under the privileges of the 'nobody' user. By using /proc/self/cmdline to copy a PHP payload to the website directory, PHP remote code execution is made possible.
6b1b6947386e30749005cc4bbf96249cdc5ee569e7eb6a39db9bbb3306f97451
TinySRP appears to suffer from a buffer overflow vulnerability in the username field.
77b7bd5fa6ad642e38cebe659484fab925425c8a24142bd0d9e1cbb1b5cf414b
AnimaGallery version 2.6 suffers from a local file inclusion vulnerability.
a8594f40a409f61ee653dc4bd93654501613618322100129fb0161585eb831e9
DreamBox DM500s suffers from a cross site scripting vulnerability.
1fb8f30202be86e4f413656dff4cb65aee9c8bc5f7089efa996a8a1f7afdfbb2
Paperlink Balance 710 suffers from a cross site request forgery vulnerability.
383566478a99a0be1dbd4b3452eb1c4186a558cbca37e101d80511ba58fe3b08
Persian Car CMS version 1.0 suffers from a remote SQL injection vulnerability.
96c7e380e3dcfdf87d097b33ff55c6e62e36e620829a2f75694f7deeef5faaf8
The Kankun Smart Socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.
9225a407cd8c8dd1c678631cb1e646a383b42ee99ca1ea8aa1e039b735e9be08
SilverStripe CMS version 3.1.13 suffers from open redirection and cross site scripting vulnerabilities.
701dc27fc99ae0950b14b0faf19d1fb54c6eff0e004fef057c3b3d65faef74f2
Apexis IP CAM suffers from a remote information disclosure vulnerability.
6241365038e03dc58eafa111dc2905a716e965fcb30f266cfc7b10a7e6f1c8a2
SanyBee Gallery versions 0.2.9 and 0.2.10 suffer from cross site scripting and add administrator vulnerabilities.
f4038f6854de17663fff4ff5953a7bfa407b053ad722c8ea52c6d9aff3a1a1b4
WordPress Encrypted Contact Form plugin version 1.0.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
de168bc9ae565931b08fd16f0f2a4a87e5905225a349be79aefeabea3d4371f1