KikChat suffers from local file inclusion and remote command execution vulnerabilities.
HP Security Bulletin HPSBMU02872 4 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter Web Tier running on Windows. The vulnerabilities could be exploited resulting in remote disclosure of information and cross site scripting (XSS). Revision 4 of this advisory.
HP Security Bulletin HPSBMU02931 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged information, improper privilege management, and cross site scripting (XSS). Note: The Service Manager and ServiceCenter resolutions below include updated Apache Tomcat, OpenSSL, and Oracle JRE that address security issues in those components. Revision 3 of this advisory.
Ditto Forensic FieldStation versions 2013Oct15a and below suffer from remote command execution, cross site scripting, cross site request forgery, hard-coded credential, and various other vulnerabilities.
Phone Drive Eightythree version 4.1.1 suffers from local file inclusion, command injection, and remote shell upload vulnerabilities.
Microsoft PhotoStory suffers from a cross site scripting vulnerability.
Evernote for Android suffers from insecure storage of PIN data and bypass of PIN protection vulnerabilities.
Evernote on Android can have its one-click setup functionality leveraged maliciously to change a user's password without their knowledge.
Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.
Microsoft Yammer suffered from multiple cross site scripting vulnerabilities.
FlashCanvas version 1.5 suffers from a cross site scripting vulnerability.
EMC Connectrix Manager Converged Network Edition (CMCNE) contains vulnerabilities through the servlets which it uses to transfer different types of files for managing firmware on different types of devices. Using these servlets, remote unauthenticated attackers could read and place files from/on the CMCNE server and execute them. Versions 11.2.1, 12.0.1, and 12.0.3 are affected.
Ring Jordan suffers from a remote SQL injection vulnerability in its administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.
Telmanik CMS version 1.01 suffers from a remote shell upload vulnerability.
WordPress WP-Realty third party plugin suffers from a cross site scripting vulnerability. Note that these findings house site-specific data.