HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.
dbab384b2c2cf9076d625633efca65ab
HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.
4e9c69f81809b928fa5fb9a01e6fd6c7
WordPress NewStatPress plugin version 1.2.4 suffers from a cross site scripting vulnerability.
f2fd38b71b380c6af9a9110449ad562f
osTicket version 1.9.12 suffers from multiple persistent cross site scripting vulnerabilities.
a11db04acf9963a5de4465717e9442ba
WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.
0161ac0b585bf93aafacc9cd06d0582a
WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.
128f43aecf47badf4272571710225474
WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.
004445f8baf4060508c00de52f0c52e2
WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.
736e891187f3de875921d045817d118b
WordPress Live Chat Support plugin version 6.2.00 suffers from a persistent cross site scripting vulnerability.
9145a57994ede874ba32eef668b65779
Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
a796d2461c7e924ed0d96630e9e71583
Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
2d70ccd0c21c161323f8483a0c458393
It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of, provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.
7422644d438f591155d98b9d637802f4
A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.
b7c5905da53dbedf0252c0e0eaf31a32
It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
50c91a8bdcdd159b0b9034e8ccc241ed
A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
1579db71b1b93c28ae8678b57f16a887
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
9874325f86bef49d1ece9fd0d75e93be
An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
38ab9bd223d35a3ae4036a23e8101091
A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
1ce9eb0a674b58ee302cff1521c315ad
A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
8b88774ea14080fe5e9b90b7285e9723
A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
75c8cf8cad96cde32de2124ca6a7d13f
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
b5a7bb3b7795ea4a02931e1a103d80d6
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
0905638d0042501994a70dc5a5008bea
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload is stored in the user's profile and is executed every time the victim logs in.
3229a84d50ed04e1c73f2ab068557038
It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.
654ea83b4f8835317d17c06f0d8566f1
It was discovered that credentials of remote servers stored in EMC M&R (Watch4net) are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
eba368f2ffa4a6d9413f27cae2d20a8f