WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.
WordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.
phpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.
WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
D-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
Tendoo CMS version 1.3 suffers from stored and reflected cross site scripting vulnerabilities.
Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.
Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.
Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.
This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, causing certain checks on untrusted certificates to be bypassed on the client, which allows a valid leaf certificate to be used as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server so that the session continues normally and application data transmitted between the peers can be saved. The valid leaf certificate must either not contain the keyUsage extension or must have the keyCertSign bit set (see the X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise, X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle position.
Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.
XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.
QNAP TS-x09 Turbo NAS suffers from a cross site scripting vulnerability.
Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit, Qualys discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, Qualys developed an unusual local root exploit against one of libuser's applications. Both the advisory and the exploit are included in this post.
WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
WordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.
Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities.
NetCracker Resource Management System versions 8.0 and below suffer from multiple remote SQL injection vulnerabilities.
NetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting vulnerabilities.
Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities.
OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.