Chamilo LMS suffers from a persistent cross site scripting vulnerability.
bc13f65de0792bdc1e2bb9fd29ab0d6fdffa9843148374f7b6d135c76354780c
Chamilo LMS suffers from an insecure direct object reference vulnerability.
45ca288b13f7415dfb28d2c6c6aa16e6f8a5baf6d21c4e8d7a1a099587d9f341
Investors Application suffered from a client-side script insertion vulnerability.
31b0a0b759a2c2c22be39be00d0d6a5f2c966fb77f6eb6b664a25e861da3f5e3
Prezi suffered from cross site scripting and open redirection vulnerabilities.
a9272aa1383aa28eef7ba0439aca2188d07e11e69f869dfc892626f1450eac10
iFixIt suffered from a persistent cross site scripting vulnerability.
61832184f77e03ab41094e0f543daad18e092a25bb0e0f4885e0fa9dbb5d593a
iFixIt suffered from a persistent cross site scripting vulnerability.
298e8300b75f167cea651ce178b15c762d1853e337ce965c048f7d2cfd7f991b
STIMS Cutter version 1.1.3.20 overflow proof of concept with SEH overwrite.
7630dfcf1c23685d5ff746caef2a3193e9af63121e6307de11d7b6a33841ebc0
DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.
46c874ed2505a5df8e83a213d020c5a1bde6cce21994c9b4f390cc5cf69c4532
WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
4c445d18ff897468b32229c61b93169d17ee6ba88ec405da9f786b7a7906b6fd
webSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
2291468cde58eae41054890b9e25d4217654ae9d0f8b7b9e749e1192bdcd7e44
DOKEOS version ce30 suffers from an authentication bypass vulnerability.
e0d80f4d11e0f37a08bd45c5adf3616f68bc949b8f350966e67ed9a9b99c6a86
TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.
91d1c80956419cb3834dcfcd444983fe9cb7d79deae450a0f99e91da4a1bf961
Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.
1873a8e1196208b1b465380f46ad84e72520251b671aaa4c7dd577b9cff925a1
osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.
4ad8190811bf2819eca13b86515ec3b6f35acf38818dc02e5c40e799d449f463
osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
0590c4c85647c5c0a02e877aee9bff53f2ee293542d8d20f50cdb9048d52be0f
Comodo Internet Security installs GeekBuddy, which in turn installs an exposed, weakly secured VNC server.
3d2e073c1d6d171f88727d9420abce1904c883acad79c0452fffab5ce7a41451
Umbraco versions prior to 7.4.0 suffer from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.
20bc965b21baa931f940d7ed6d8a9e9f44777aeb1ea263df14aa21c1cf9f5104
Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.
d430afd4621b5d62dad4b70ffff8d6258610f314f51abde198f22b3b9841fd8d
ebay.com suffered from a cross site scripting vulnerability.
a29879e61b3488fdba8438c12dd745e034bbd5c2a76b31866e02d794bf818ecd
The Cisco ASA VPN Portal password recovery page suffers from a cross site scripting vulnerability.
eb2aac6086f4bb061f2a2742410500a3e2ba73666fb36027d37e43f8e424ecfc
There is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are created. However, if an object with the same ID has already been created in the SWF, it can be of the wrong type. The constructor contains a check for this situation, though, and throws an exception and sets a flag to shut down the player if this occurs. The backing object is then set to be of type TextField to avoid any modifications that have been made on it by the constructor from causing problems if it is used as an object of its original type elsewhere in the player. However, if the exception thrown by the constructor is caught, the exception handler can create another TextField object, and since the type of the generic backing object has been changed, an object of the wrong type is now backing the TextField, which makes it possible to set the pointers in the object to integer values selected by the attacker. The PoC swf for this issue needs to be created by hand.
89244b28a4549217c3946663d62b8133ad186a92cdb4285eeff70e6a18cdb172
There is a dangling pointer in loadPCMFromByteArray that can be read but not written to. A proof of concept is included.
6a837aeb0f69779cabe3ac91d53929ecab287b6e562f832a1364d2e7e1364980
There is a use-after-free in LoadVars.decode. If a watch is set on the object that the parameters are being decoded into, and the watch deletes the object, then other methods are called on the deleted object after it is freed.
fbe2ae5d15b3901564ae333ef65dc05ba1b8f150b143e8b0a87296c853c3503a
The included file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.
31320a678e0ba948912307dabf47b9cca5c8ea878f23514c24959ad680fe11f2
The included flv file causes stack corruption when loaded into Flash. To use the PoC, load LoadMP42.swf?file=lownull.flv from a remote server.
74d667d649a7d045b24409e6c7c68eeea9f6f1cc6f03497a67ed1756ff630172