Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
23591d1c5baab1dd97cf541e0e9530809619db9d2680fd8d0aa19ddcb03cd816
Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities.
c22171b8824d2b252b1a4ea012d4bc8d7cc2305a401acabe53ffb1f9885c3e3d
Microsoft Internet Explorer 11 does not follow the CORS specification for local files the way Chrome and Firefox do. Microsoft does not consider this a security issue.
d427f830f768b41cde9f338a6e270c5ffdd96617add1cdcfb86beb27d8769480
Silverstripe theme Newedge suffers from a cross site scripting vulnerability.
2ad7428ab78125654bb9ea68b2d4509003baf6277ff46bf667722791a214f490
This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code in the context of the web server user. Kaltura has a module named keditorservices that takes user input and passes it directly to unserialize(). The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log class's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8.
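The advisory above describes the generic PHP object-injection pattern: untrusted data reaches unserialize(), and a class whose __destruct() has a side effect becomes a gadget that runs when the reconstructed object is freed. The following is an added example written for this listing; it is not Kaltura's code, not the Metasploit module, and not the SektionEins Zend chain. The LogWriter class, the handler names and the file path are hypothetical, and the write target is a harmless temp file.

```php
<?php
// Added example (not Kaltura's or Zend's code): a minimal __destruct()
// gadget reachable through unserialize(), beside a hardened handler.

class LogWriter {
    public $path;
    public $data;

    public function __destruct() {
        // Legitimate-looking side effect: flush buffered data to a file.
        // Once the object is rebuilt by unserialize(), the attacker owns
        // both $path and $data, so this becomes an arbitrary file write.
        file_put_contents($this->path, $this->data);
    }
}

// --- Vulnerable: user input goes straight into unserialize() ---
function handleRequestVulnerable(string $param): void {
    $obj = unserialize($param);   // any class, any property values
    // The handler never uses $obj, but when it goes out of scope at
    // function return, __destruct() still fires and performs the write.
}

// --- Hardened: never reconstruct objects from untrusted input ---
function handleRequestHardened(string $param): array {
    // PHP >= 7.0: forbid object instantiation entirely. Any object in the
    // payload becomes __PHP_Incomplete_Class, which has no gadget methods.
    $value = unserialize($param, ['allowed_classes' => false]);
    if (is_object($value)) {
        throw new InvalidArgumentException('objects are not accepted');
    }
    // Where a plain data structure is all that is needed, json_decode()
    // is the better choice, since it can never instantiate a class.
    return is_array($value) ? $value : [];
}

// Attacker-side payload, constructed here as text rather than by
// instantiating LogWriter, so that no destructor runs on our own side.
$target  = sys_get_temp_dir() . '/poc_' . getmypid() . '.txt';
$payload = sprintf(
    'O:9:"LogWriter":2:{s:4:"path";%s;s:4:"data";%s;}',
    serialize($target),
    serialize("written by gadget\n")
);

handleRequestVulnerable($payload);
var_dump(file_exists($target));   // bool(true): the gadget wrote the file

@unlink($target);
try {
    handleRequestHardened($payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
var_dump(file_exists($target));   // bool(false): no object, no write
```

Run it with any PHP 7 or 8 CLI. The point to take from the advisory is that the handler never has to call a method on the injected object: PHP invokes __destruct() on its own, so the only reliable fix is to keep objects out of the deserialization path (allowed_classes => false, or a format such as JSON that cannot express objects), not to audit what the handler does with the result.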
ba9012dd4f49aefcf4379514160c82dc80f1785189dc8f95974035d6f73830f1
This Metasploit module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console can be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via the web interface. An authenticated user can then use the console to execute shell commands. NOTE: Valid credentials are required for this module. Tested against: Metasploit Community 4.1.0, Metasploit Community 4.8.2, Metasploit Community 4.12.0
4f3bb48177d573f2d188fe4a2e93543cd54f1257e65865784c469730b1b9051b
BT Wifi Extenders models 300, 600, and 1200 suffer from a cross site scripting vulnerability.
83936b94e6a31c5e450025084893cfe0398ef6c6e6db76f38eb0bae5f21ba3f2
A malicious sftp server may force a client-side relative path traversal in jsch's implementation of recursive sftp-get, allowing the server to write files outside the client's download base directory with the effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.
dfd3deafc8949119431558bc8219895f763a1d7d6a7b008eccb812e5d19ba8c3
Symantec Antivirus contains memory corruption issues in its RAR unpacking code that can lead to remote code execution.
9f57b2a3b52264e8df535a836560985566bdee33f433a00744602c523418b41f
Microsoft PowerPoint 2010 suffers from an invalid pointer dereference vulnerability.
5c7cd7d8e99b6f1f1a0d9fbb154e1948a7c293749f6d7b8665e48d59d78f8193
WordPress W3 Total Cache (w3tc) plugin versions 0.9.4.1 and below suffer from a cross site scripting vulnerability.
fd336a5de820d4386bd67cceecd95849541d0a8251cd5a04277ce69a6823f9b8
Exponent CMS versions 2.3.9 and below suffer from a remote blind SQL injection vulnerability.
3e237ec6c00af59c1ddbf878a77aa82dabfd991c656a7c28bd3a59c7ae1da0ed
VegaDNS version 0.13.2 suffers from a remote command injection vulnerability.
691f14f46448b114528c54e8b25a49d68c7140203e7d8634eb7318d2424b2d4a
Dolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.
3f7601ff61e6c2a8e66c765afa277832197db4eb3fe1136bd295b5ff8d0e6de3
DLL Hijack Auditor version 3.5 suffers from a stack buffer overflow vulnerability.
079daf2fcf5386a4fd101c08688706ca0b26eb047c680de68e2dcb012253f2f8
AppDynamic version 4.3.2.1 build 57 suffers from a cross site scripting vulnerability.
f5cde956ddc6e0d21c9c246292f6adeeb00e7f88e875c634f3558a2a44267ec9
ZineBasic version 1.1 suffers from a file disclosure vulnerability.
06b86484883fae23c8361309d9226646bad9cb8fbabb56cbe1ca5a708ff912f7
ShoreTel Connect ONSITE versions 20.xx.xxxx.x and 21.xx.xxxx.x up to 21.79.4311.0 suffer from an unauthenticated remote blind SQL injection vulnerability.
5fe02891997443ded0a53a2ce816960a4a202cd2c141c914b517d4e640ef0545
EKG Gadu versions 1 through 1.9~pre+r2855-3+b1 suffer from a local buffer overflow vulnerability.
aff59676a07ff154fa771cc294cbe56e8183978dc06b3dd5415de1f85a85f11e
MetInfo version 3.0 suffers from a remote SQL injection vulnerability.
80cb6eb5667364f3286bbb37f303a6416c133be7473e6f3e36d2d33b71b91b40
CodeCanyon iBilling version 2.4 suffers from a cross site scripting vulnerability.
d41d9e15c4377e6843aa40aa225587fee960487ca541dcbc3aa1522e730879d7
ECShop version 2.7.2 suffers from an open redirection vulnerability.
e2a2b9bda2e63613dc12ca1dac19cb1a78d027e42940469e7b036872f2a9c921
Coupon CMS version 5.00 suffers from an open redirection vulnerability.
5599af4764b8c21fc79507d31150a23d50bc62d02d88da4c361685c6f38e5470
VMWare Workstation vprintproxy.exe suffers from multiple memory corruption and other crashes in the handling of JPEG2000 images.
edd5397d8b520f00253f4f9311dff71b9765d0e2c44fa145e57518fe92c73758
VMWare Workstation vprintproxy.exe suffers from a heap buffer overflow vulnerability in the handling of TrueType NAME tables.
1d5414c24aa6efa04b7bd1a2dd19dca752085107658d72d462362ffb0de5eceb