My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.
291d895c909d0e7e884d9e3475bc4fd0693023383eef111c66707bcae766d782
Flowdock API suffers from a malicious script insertion vulnerability.
a3b7855c7e90fcf4c75103af35130d53982d9d62505e762c85e860f5faf3646d
NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.
d57f11bfe70287dfffacacdc169c4b777ffa00972b7da86b4dc99814bccfc23f
The encryption scheme used by MikroTik's Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as fully decrypt the terminal session. A full write-up and proof of concept tools are included in this archive.
d0d1affb518b37657fed9af631a57aa3813a11d020ea75cb33748ab31aba0ae0
Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'username' POST parameter in the 'login.htm' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session.
41ab244aefa7fced98821ec993549932a6899a590c057be0463567b385b9e724
Mango Automation version 2.6.0 suffers from a user enumeration weakness.
537cc8a30faefec691fd5f8e0974b8ccb201b1d73876b4069c8f983045648729
ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
ce634473f825d0f57046db4dc9958352e6697eedb52ff14a9efa1297a55a6652
Telegram version 3.2 suffers from a denial of service vulnerability.
90996d03212ed2c75f8fd0f227cfaaa7bd7b0fa0b0abb5f28d2eebcc8b3de810
This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aac
This Metasploit module exploits two separate vulnerabilities found in the WatchGuard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database and get access to the web interface. Separately, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.
f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476
This Metasploit module exploits a vulnerability in the WatchGuard XCS 'FixCorruptMail' script called by root's crontab, which can be exploited to run a command as root within 3 minutes.
7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9f
X2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
3ff64763cff039036ce49876b8feba0377dcadb9b0e71850c458529d2d4b3ba5
X2Engine version 4.2 suffers from a remote arbitrary file upload vulnerability.
b842c998e5a3f61c7b50acdb164aa108cc409599a2d25d457a9b76687828ed94
X2Engine version 4.2 suffers from multiple cross site scripting vulnerabilities.
9218f813f4e812e5120771140043ffecf041e066c73fa20c5a290b1140989be9
The Good Mobile Device Management solution suffers from an insecure application-coupling vulnerability.
af107c97cd4d7d4de1c924959092ed0c56c2cc5541967d7bdf9e2c3dfe46fe34
VuFind version 1.0 suffers from a cross site scripting vulnerability.
e11f4bce9e7156498d91762f5acc3c7dc73d048e47fec232b6e4c2456ec7e884
Junos Pulse Secure Meeting version 8.0.5 allows an attacker to enter "secure" meetings without knowledge of the password and the invitation link using the Java fat client (meetingAppSun.jar).
72d0987702534e4b644e0f7014857caa8cdf81f311cef5ea5fd171580871e68d
4images versions 1.7.11 and below suffer from a persistent cross site scripting vulnerability.
09e7891c4a718461553424bee020d999e8f3b300137a5d41b358f57adf5a4e6b
FortiManager version 5.2.2 suffers from multiple cross site scripting vulnerabilities.
b71a9650569b9edc2d13b4e02474212f0456beb9b05798f1f01f8a68e014b2b7
SMF (Simple Machines Forum) versions 2.0.10 and below remote memory exfiltration exploit.
839a2e92d517f7cb38a35ae0c372edcf59dfd86ed247215c387c6d6b12bf6316
Due to a server misconfiguration, customers of Unified Layer suffer from a remote shell upload vulnerability.
38bbe1895961c77f3c46b4f57c4870d647343451c3a8616690b2f3361d104493
Flowdock API suffered from a script insertion vulnerability.
ba260a05957e34276837655ae4846ed931f035bdf3bcdc1cd399b333cb422879
Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability it is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1b
UltraEdit version 22.20 suffers from a buffer overflow vulnerability.
adcf8a3d5f0c3748dac9b35b34f0d3539924300c71ddb8aaaa96180e87d99490
WiFi Drive CR version 1.0 suffers from a file upload vulnerability that allows for malicious script execution.
6f4c0e90400ddb9bc62a317bbf688b4b45f93981ac1ef7a4dd8e7ff43d6ad413