Wildfly versions prior to 10.0.0.Final, including 9.0.2.Final and 8.2.1.Final, suffer from a WEB-INF and META-INF information disclosure issue via a filter restriction bypass vulnerability. Video included showing the proof of concept.
702a857da000ebd458a935e4fbf17d96d7f77f33e1ef8aaa494e4206bfa48f76
WordPress Abtest plugin suffers from a local file inclusion vulnerability.
4dfd25d83af233008ae8fd8f81633e2601547ac29e44fd477dde61fa603cb041
Sysax Multi Server version 6.50 HTTP file share SEH overflow remote code execution exploit.
c00ceddd52d084e84687306a20618247ce5e46f255ec2f4e36d4c94b92151b3f
Fortinet FortiOS suffers from cross site scripting and open redirect vulnerabilities.
adf6965aa4e456c066a759abb27c019e435a69201a13504c049ad95581b7976b
WebsiteBaker CMS version 2.8.3-SP5 suffers from a remote SQL injection vulnerability.
d8c88cbdb9744e1a26af7b80ce4fe6fe1b5c53888b9441fc5f1c76364d300b27
High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in Dating Pro, a popular dating social network. A remote unauthenticated attacker can perform CSRF attacks to change the administrator's credentials and execute arbitrary system commands. Successful exploitation of the vulnerability may allow an attacker to gain complete control over the vulnerable website, all its users and databases.
9b0685fd87ae9a98fe16f9d776280dfa8f697c3ea2872fce79f19f41bb912245
High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via a cross site request forgery flaw that is also present in the application. The vulnerability exists due to the absence of validation of the HTTP request origin in the "/env-production/itop-config/config.php" script, as well as a lack of sanitization of user input received via the "new_config" HTTP POST parameter.
2a57050bf2377c2df7b28c31e707efa2cf5ea74cb641059629604c7bdc0bd715
Avira suffers from a heap underflow vulnerability when parsing PE section headers.
ea61070846baddcbb28d0f5d8e2027b479bd9eb7b9a66c93cc181a9f30a48ac3
XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.
56dc964beea76e30a2f054812239297f424ec6166d368f20527609342894cfc9
XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing "..././" instead of "../".
8e0c7e604227b0d036e3789cef8b9827cdedcbebab054b865cd01c359cf31f18
The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app's Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package.
c530b1e4af62da81fc070ef71c1611d62d2872d39d07e2b965fb3fe3445fd447
BigTree version 4.2.8 suffers from object injection and improper filename sanitization.
bb5b9719d7bfbf7cf86fcf58ff69f590fc08931de25d8fc421b05176a6b0c2a3
PivotX version 2.3.11 suffers from a remote shell upload vulnerability.
1fde09f58b26d38b03398935d6085dab67680b1fec165dc098830588ea42a109
PivotX version 2.3.11 suffers from a directory traversal vulnerability.
3dbedc633207c9beff4d14771b22c0d37f76842088d440fe37e3544851054b5e
PivotX version 2.3.11 suffers from a reflective cross site scripting vulnerability.
31d15c80f7f7e46d28b9c663b0fa5fb798008c4de2b256a1cc1dca6b3ec3b485
Zenphoto version 1.4.11 suffers from a remote file inclusion vulnerability.
64bd4c4defecd30504823144287f0037c179633ccaf922731536d159006d337a
ProjectSend version r582 suffers from a persistent cross site scripting vulnerability.
5a8b293f6200ed2995e1dee8ac4403297729385e05b38533144dd374cb20d671
Cisco UCS Manager version 2.1(1b) shellshock exploit that spawns a connect-back shell.
8e555e4314339995e576394135e468491a5591e41f42cc88f61d026cdbae0718
Core Security Technologies Advisory - An integer signedness error has been found in the amd64_set_ldt() function in the FreeBSD kernel code (defined in the /sys/amd64/amd64/sys_machdep.c file), which implements the i386_set_ldt system call on the amd64 version of the OS. This integer signedness issue ultimately leads to a heap overflow in the kernel, allowing local unprivileged attackers to crash the system. FreeBSD 10.2 amd64 is affected.
d41fcb2fcfd845b70a122e20b1cbd17e3b183211e307eaf35331480595a9fc22
AKIPS Network Monitor versions 15.37 through 16.5 suffer from a remote command injection vulnerability.
95b953fa411ca824ee148020ad6266248e425f74b8a092b166a88950b0cad00e
The SecLogon service does not sanitize standard handles when creating a new process, which leads to a system service thread pool handle being duplicated into a user accessible process. This can be used to elevate privileges to Local System.
1503dd54222782a3e53678913f5880565b05a932180f2498066832dd8aed5905
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
8d92358d69c6cf29a7a2e76627b8f20bcfc96b06bc62c811897c7535e426936e
There is a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
292d570afeace4b50b30f7dbd281243c97bd1306ff4c195b7d58b81eb6446be2
The avmplus bytecode verifier misses a control-flow path via op_pushwith throwing an exception, allowing crafted bytecode to be incorrectly optimized, which can trivially be abused to get code execution.
15e844ae6193dee99a1f13d80853248247c00f3baaac1706b37ffdc2478eb54a
Microsoft Internet Explorer has a read AV issue in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout.
b53f8e4c4ebe84b15587cf2408a4e03b8bba9fce031e88a6b70310b5cab23a39