The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731
Family Connections CMS version 2.3.2 suffers from stored cross site scripting and XML injection vulnerabilities.
560b3b3d4d08ff3156aae5a09cf91b31f8fe7ef39a5cb6cabff71d7f147a2fbf
Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. The package suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the "C" flag (Change(write)) for the "Everyone" group, for the binary file msscasi_asp.exe and the package itself, msscasi_asp_pkg.exe.
985f1b8a0c9c7170bfff235022459884dade76cc7504b5ccb7d597a030b5d2e8
Pointter PHP CMS version 1.2 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
9576e04112b662072178f9e55b2f30889f73467a6b27a79f96dc6bffd32f2b9b
Constructr CMS version 3.03 suffers from cross site scripting and remote SQL injection vulnerabilities.
a4224d4b86b1a571f0f86d7e8a69d82fa301a58aad20b4eff53030bccf77f96d
eXPert PDF Reader version 4.0 suffers from a NULL pointer dereference and heap corruption denial of service vulnerability.
290623376432a2f10c80421fb38a2d32682190ff9321dac7e355092b1f5512ff
Nitro PDF Reader version 1.4.0 remote heap memory corruption proof of concept denial of service exploit and advisory.
6f7251db7965fc6a2cb851fe9fe21e4f69d15e09dae81c217b971fb2bc6b0484
Elecard MPEG Player version 5.7 local buffer overflow proof of concept exploit.
e924badb6b079b6080a73804ebae6bfddae61d8bb4d1cbcdd18b7b2f41db3392
WinMerge version 2.12.4 project file handling stack overflow exploit.
a90d518f4b58a2d90381a86b1328947e877d00adeda5abb3f18c2dbec603cfa5
phpBugTracker version 1.0.5 suffers from multiple reflective cross site scripting vulnerabilities.
e653f2dcaa267e5788cce847b1b903fcb155cef35150ac6fd4a767c3f855861d
GAzie version 5.10 suffers from cross site scripting and remote SQL injection vulnerabilities in the login_admin.php script.
ead13b30d80bb3f7501f40846fd76e17b90bc050e548377ff399f21d2a1dece6
AutoPlay version 1.33 local buffer overflow exploit that creates a malicious autoplay.ini file.
3d6ec4b37f5393ccc419eac3e4e7edbdd77b47c7d203d69da6130e06a397a565
MG2 version 0.5.1 suffers from multiple cross site scripting vulnerabilities.
d9e1492757a88b8aae40695552fa07b4741b360277a7016b7540c93273f43c48
Pixelpost is vulnerable to an SQL Injection attack when input is passed to several POST parameters (findfid, id, selectfcat, selectfmon, selectftag). The script (admin/index.php) fails to properly sanitize the input before being returned to the user allowing the attacker to compromise the entire DB system and view sensitive information. Version 1.7.3 is affected.
058b005df3b48a0a2f6526e2d72d4ad64a02ed8dbdd5a5eeac880138515851eb
Oracle MySQL Eventum versions 2.2 and 2.3 suffer from cross site scripting and script insertion vulnerabilities.
b8ee58ea46776bf446728edd538964f323d61acaa892fd2e07c381ecb17a66c4
Pixelpost version 1.7.3 suffers multiple persistent cross site scripting vulnerabilities.
fcc972c67a58e71be958caa6666fcacbebf4d166d7acba0ba6ff664163a286c6
TaskFreak! version 0.6.4 suffers from multiple cross site scripting vulnerabilities.
d4a82eb8408d5ef509ea24f2ea5421f7b3a38bce8f7fc498a71d10bc4d78a3b1
CultBooking version 2.0.4 suffers from a local file inclusion vulnerability.
24bcdd6125c7cc4b3d51be8dee944fb8ce491872476affee2bd28200a712e6f8
CultBooking version 2.0.4 suffers from cross site scripting vulnerabilities.
24e1154c89c42c178796c636bb67c5e08c8ad7b7e1f4211c0ba0b0ae79186a25
Embedthis Appweb Web Server version 3.2.2-1 suffers from a cross site scripting vulnerability.
3bf0eb7266128b20d987e0ca5fdc2ac3b08bde1c94aa4b5000b8e3bb3f0ca62a
MantisBT versions 1.2.3 and below suffer from cross site scripting and path disclosure vulnerabilities.
18a95d91ab5662bc9da22edd42c6085d143c012493617b0a9f216e4bbb8cd78e
MantisBT versions 1.2.3 and below suffer from a local file inclusion vulnerability.
abf8514ede0418cc0812ff5542f8637869d485480ee17472e692434df0836263
MODx Revolution CMS version 2.0.4-pl2 suffers from a cross site scripting vulnerability.
ee4eae9c7c2d3ad655590094df23afa0c31e8588b46ce611a9158231283e7fd9
Native Instruments Service Center version 2.2.5 suffers from a local privilege escalation vulnerability.
17003a3d3ba0281c940bdee33302d7f863117f4222be5fa9fc977e0d2d38b948
Native Instruments Massive version 1.1.4 suffers from a KSD file handling use-after-free vulnerability.
c2b308fa8e87b18b73cb43c68ad32dee80d98ad144657ee759f5045112df0d0f
Native Instruments Kontakt 4 Player NKI File Syntactic Analysis buffer overflow proof of concept exploit.
70713be9f719b9fb02eb8d297e9b7609df428c484244c571482402333e7b586f