Graphite2 suffers from a heap-based over-read in TtfUtil::CheckCmapSubtable12.
58c3fb7cc8d374ea523d5d1fbab1d2bd4a2884405f2abe2286fb3debc7650ab2
Graphite2 suffers from multiple heap-based over-reads in GlyphCache::Loader.
127c0edd9c9f390519bd49f2ac51e2b3b0141cf51884c49eb448cc2ef3f5bf76
Graphite2 suffers from a heap-based buffer overflow in GlyphCache::GlyphCache.
2a0c07f2c58d2e743b626408cccb90b11cded9b5fe12088cbc47e41ea0aa7570
VMWare vSphere web client versions 5.1 through 6.0 suffer from a flash cross site scripting vulnerability.
c8bcafc14366eb011661d7807d12b5eae2d46687efbe3ab82c1bfd0c94794b23
PHP CRUD version 1.4 comes installed with weakly protected backdoor accounts.
afbdbdccb8b0070e88719f96bce319853dcec0ef7e570a7a2e94806aad01a7d8
Teampass version 2.1.25 suffers from an arbitrary file download.
3edaa0800807b1b4d192d83a6f21a5419b3a9c8e2a27038d5ad01c3ecbf88d59
Teampass version 2.1.25 suffers from an unauthenticated access vulnerability.
fecc638060588bca639b8060b787f342bada3e6c58c51e9584c086a6cc319278
Open-Xchange OX AppSuite versions 7.8.0 and below suffer from cross site scripting, open redirection, and argument injection vulnerabilities.
be81227b99ff680bacfa0f6ca34d199f06524971f330e92cb21190ca6a661f2f
dotCMS versions prior to 3.5 and 3.3.2 suffers from an email header injection vulnerability.
8a2aa086022ce89bb40306dc783a8bd835f0e4f8c1d80ad34fa487953fa9ea7b
Bugcrowd's web application suffered from a filter bypass and malicious script insertion vulnerability.
0319346452cc49b60abff62b532b7229e6158e1cfd2951b03b793951d0f38e0e
Dounia Creation version 1.4 suffers from remote SQL injection and weak default password vulnerabilities.
86d6f70b5e494f3c5826be9dac233fac905a3201a90ce9a807f69878d5a9fc37
This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65f
This Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.
bb35dd847b4006bfddf6670aa0099dfa601022d89cda1ae234b032fd32276366
PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.
0f0efada160c1447152adc09401bed6a535c764c9ce9e56f17fa7b105821aa98
AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.
285a356df0342917c10949047f0e7a8de20316652b88f7502badf4e23df2d5c3
XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.
7c3a37ee9ac8d2b769a495f772ba61c0683b07b2341e2500844b324ffac74676
MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.
d083f82d3886c34b608717c7e62cbdb88123448dd50ef58ccf95bfc5317898cc
The Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.
7d27834c41218abe78f74ed25b1687903fade4c02f0c42f10175989c165ee7b8
Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.
5fa6355a4e3c274a002436a52e827eab9e6cbcae0ca0402c3a1c6a7211bbcdeb
JobScript suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin-ajax.php' script thru the 'name' and 'file' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php' extension (to bypass the '.htaccess' block rule) that will be stored in '/jobmonster/wp-content/uploads/jobmonster/' directory.
ebbd14e9080ce7820b95b2208012010a9a83d14e9f97841c699bfbe6706716ab
Multiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. Version 14.1.0.0 is affected. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger a denial-of-service conditions.
1099aacf1bea150f3f5b0d2b083815b5b9639cb8d176966b60c20e6f33f2bd28
Linknat VOS3000/VOS2009 suffers from a remote SQL injection vulnerability.
0ae3413cc36311b832cc800fbc0fe838b41fbbf707073fec1c0d8e500feaeac4
WEBONE CMS version 6 suffers from a remote SQL injection vulnerability.
c586691bbe7c33c05e24864f607a414bcaba8a51ae9fa8aebc2051a54ea0e918
AMSS++ version 4.2 has an admin/admin backdoor account.
3d053d75fc4e79afef02a50a644a8e6cf4a9f111809a067ec8973b5ddf2e0fbf
Lws-Construction Management version 1.0 suffers from a remote SQL injection vulnerability.
c36d0e7573f5f4c6286e5bac90efe9861de5a2a98a92164fd1b110577fac9378