Open Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.
9826ef468507dad63ad72b499b5f63fa30e841d17b63f398c4f0bb78be5d5099
JSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.
52695b93ab343b3468cd352906fc52305c66d72e1dc525d9bcd653d77d405702
WordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.
ed9820128cacf907158c375e09ab3a252f3645fb8fed827c1e752230a084a0f8
Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37
In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.
4e8facb5af3635bb5a75286e2815b09aff43b1be7ba523d3b34d41c5a7c53bed
A crash can occur due to a heap-based buffer overflow in an ASAN build of Wireshark (current git master) when a malformed file is fed to tshark.
a7fdbcbd73763761e1e07330bb5c8d3c8ae31713eeb2d4a7465c6ef3bbf98840
Ubiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.
ce6b8f6b7d6df9b959e6dc54e07373ec0465accd0d4c1c0b4ce70674fb6f11ce
ManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.
358c9090c7ae34b10cce327c19668cc4988fd2e24d1d402f559975a3cfdbbf06
GTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.
4cd215368c415a6cbaf6fb3acfa8229e1e2cc4e04a4c7a02b548cec34d49bd1c
eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.
85f17b5db889a6f5d1dc69715ae65751c63987fc043b34df2c9e9777cc172f26
eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.
6cb381140d19e5e549ed59d0d3373cadd6f8e834f072df94ed2fce950508a98c
InstallShield suffers from a DLL hijacking vulnerability.
4c5735bf0c7180106c89369ae626f03213246d7d0d90f51d7b872e835b3c3bf3
WordPress CSV Import plugin version 1.0 suffers from a cross site scripting vulnerability.
863e1032d1640aebfa24c19da831a78051d93f4903b0e68a3c869f3afc793193
OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.
733a8d04f8cafa6811d950b5abe8bdd81bee1de0eb014f68a90053b49909b05d
WordPress WP Advanced Importer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
1b8f7c393fd5bfcc67c14b8eb5c2d1f72de2983a7826ed9a0b7c4695eac37754
WordPress Extra User Details plugin version 0.4.2 suffers from a privilege escalation vulnerability.
f1d6b143ddf59b28109375dabf804a5de16504ba3016c474fc3de3e0ca85578d
WordPress WP Ultimate Exporter plugin version 1.0 suffers from a cross site scripting vulnerability.
16c004fd9727443274406df89a6cdaa87f63fc7c1c2bf00b8e278750c2510f74
WordPress Import Woocommerce plugin version 1.0.1 suffers from a cross site scripting vulnerability.
e1ebdab043cb433b08db920123aaf672c2c38a141cbaf95f44e861dc3301583f
RozBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
cd128fdb0719f9f0a5fc9b56517fee549a3bbce6ab7f755891643664f2240a7c
Compass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An attacker is able to create a link that, when visited, will redirect the user to a website of the attacker's choosing once the victim attempts to log in. This allows, for instance, phishing of user credentials. Since it is the victim who needs to visit the malicious link, this attack is possible for unauthenticated attackers who do not have access to the affected websites. Versions 9.5.5, 10.0.2, 10.1.0-Xpress, 11.0.0 through 11.0.3, and 12.0.0 through 12.0.2 are vulnerable.
88f9d412f3d250d135b3a6b3b9f26c0dcfeb53a8228338a90e7281309a6da7e9
WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from HttpOnly bypass and session hijacking vulnerabilities.
22fd62241b10270dd006f36d68ce4d0d900367987d8d02ce551d856593396acc
Core FTP Server version 1.2 buffer overflow proof of concept exploit.
e51b115e282e22f8eb70f8926781e1be7f647f3ad859e91402bf0c87c5d703bb
A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
a9c690614b625bb6e5172e86cdd465b90ff09e43557968287968a407281a00eb
A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
cc44a554664cced1126d7b0eefa4b8b8ae37e321ffffa876f3e526a0ffcaef9b
A crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
c861f9e59caf134ae57436cc31633c01b724e7061729a02b6ad1d5423e02767b