The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client, who claims to only support protocol version 3.3, sends malformed data during the authentication selection stage of the authentication process.
2a86c57ec668584e1c10178732acfc9a1b36983b15434b763d969877df0a7998
Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.
7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.
61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612
Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.
5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3
Movable Type Publishing Platform versions prior to 5.13, 5.07, and 4.38 are affected by a cross site scripting vulnerability. After extracting the Moveable Type CGI files and source files on to a web server, but before the application is fully installed, cross site scripting vulnerabilities are present in the '/cgi-bin/mt/mt-wizard.cgi' page.
8884fca39476f536426dc043e4acf681f4550bb0e135c0d0de6141a9f1920af3
WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.
4b15d4cecda7778d09707a3eb8bde58199397e08729366b2d3568a83e098e9f7
Textpattern CMS version 4.4.1 before change set 3612 suffers from a cross site scripting vulnerability.
caf423b9229fdd97872243c81b9025070f2924eb3658589f6e7bc52ca6f8921c