The Kankun Smart Socket device and the mobile app use a hardcoded 256-bit AES key to encrypt the commands and responses exchanged between the device and the app. The communication happens over UDP. An attacker on the local network can use the same key to encrypt and send unsolicited commands to the device and hijack it.
9225a407cd8c8dd1c678631cb1e646a383b42ee99ca1ea8aa1e039b735e9be08
SilverStripe CMS version 3.1.13 suffers from open redirection and cross-site scripting vulnerabilities.
701dc27fc99ae0950b14b0faf19d1fb54c6eff0e004fef057c3b3d65faef74f2
Apexis IP CAM suffers from a remote information disclosure vulnerability.
6241365038e03dc58eafa111dc2905a716e965fcb30f266cfc7b10a7e6f1c8a2
SanyBee Gallery versions 0.2.9 and 0.2.10 suffer from cross-site scripting and add administrator vulnerabilities.
f4038f6854de17663fff4ff5953a7bfa407b053ad722c8ea52c6d9aff3a1a1b4
WordPress Encrypted Contact Form plugin version 1.0.4 suffers from cross-site request forgery and cross-site scripting vulnerabilities.
de168bc9ae565931b08fd16f0f2a4a87e5905225a349be79aefeabea3d4371f1
Expedia CruiseShipCenters suffers from an insecure direct object reference vulnerability.
28c192d3eea661a3d610ef216cada7ffcea7c0c106d0340b173317c5060fbbeb
Tanium suffers from an arbitrary file overwrite vulnerability.
56f5943446298e0afd8a0f224658b545708e94496113edf450d52debd5cde2ed
Elitenetwork Advanced Social Network Script suffers from a shell upload vulnerability.
50d8eaf21e2c3cca0a25040ae0ed37df379733579a42427167615f41f0e488cf
Joomla EQ Event Calendar component suffers from a remote SQL injection vulnerability.
76a3371129a71f9cb4b04572956cea23364589c89e791a42bed428d1adccc645
Subdreamer CMS version 3.7.1 suffers from local file inclusion and remote file upload vulnerabilities.
09a0cad0e98ff9212b156a550a330370bbd8e0c81c2dabaf374161618aad8e49