WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.
f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1
Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.
2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbf
Kaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5
PFSense version 2.2.2 suffers from a cross site scripting vulnerability.
b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bcc
ArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162
ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4f
Panda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.
017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90
The SAP Afaria Windows client software installs with weak default permissions that grant read and write permissions to the Everyone group to the install folder. Versions 7.0.6398.0 is affected.
f55a7dc136213d822d2d50e86eefeb0e200654f4242fdea8ec5a678e31edaa9e
SAP ECC uses binaries that are executed with elevated privileges (SetGID and SetUID programs) that have been compiled in manner that means they searched for libraries in insecure locations.
dda76ea46a15e7f7868621a6ca1e393d8ba4ac5999ea0d317aec6164f94be550
WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468
Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.
f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66
phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.
872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249
Pimcore CMS build 3450 suffers from an issues where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files via exploiting a directory traversal vulnerability.
ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997
This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software Empirum.
976d9cf9503cd3beaddb146f9507ee3529d1b82a6712b2cdc7b7ce1b67ac583a
The WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.
9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02f
The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution.
3ecb8a9a5021d70b1e7c79052e7ca74b09b23fe34ddae56eae4bc7ed860ab73e
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
7314c7a33e39371cd2b97e6ad6effe66cd46811ce446554bda0d310bfd83be12
FreiChat version 9.6 suffers from a remote SQL injection vulnerability.
340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3a
sysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067add
WordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.
9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4
WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.
e3d25f5373a83dae455e18baf666848ac55bb72a48e1200252f0f83bc659910d
This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software FrontRange DSM.
08ece3edf3aa93e1fde88c8522d035bcfa58b66f09c695d34999e853118ef852
Full Player version 8.2.1 memory corruption proof of concept exploit.
c07c5de0d2f58a49ab68f2ed72732c09a5adb03c0074d5688bb13c2ad8c5fe3b