The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731
Native Instruments Reaktor 5 Player version 5.5.1 suffers from a heap memory corruption vulnerability.
7b44f70c1395ea3407651581d50f32b32dc668d11ab8ea67c4834e359f8d854d
Native Instruments Traktor Pro version 1.2.6 suffers from a stack-based buffer overflow vulnerability.
039732df7af4640ef7ebdecd003dd27667315f011853b181f5ab7df45f11378d
Native Instruments Kontakt 4 Player version 4.1.3 suffers from an insecure library loading vulnerability.
9c5940362c511ab8f036a55fd9b96f608c9560cac2599908aeb4734035f9c5f7
Native Instruments Service Center version 2.2.5 suffers from an insecure library loading vulnerability.
13430ccfa6d476a8f25a1ef557c18c50f7900408f659fddd0bc078b56d6425c1
Native Instruments Reaktor 5 Player version 5.5.1 suffers from an insecure library loading vulnerability.
619e0aa69b4d76d97a73033827a930b5b6cd16aef9acde7848ee9538345e9ce1
Native Instruments Guitar Rig 4 Player version 4.1.1 suffers from an insecure library loading vulnerability.
bdded2d22da6096b332e47ea680a264ff3ab72052df535b4c74b151367ea260c
The Altova DatabaseSpy 2011 Enterprise Edition suffers from a buffer overflow / memory corruption vulnerability when handling project files (.qprj).
147a401924e74a73b35e7412da0eb4ebc2f544df74ee1b296794ec6609e0edbf
TomatoCart version 1.0.1 suffers from a cross site scripting vulnerability.
34e741bd38e2824dc1af50ab1654419bc4ca5aa287742999e631921b7a7d5738
Zen Cart version 1.3.9f suffers from a local file inclusion vulnerability.
1534c391faf67821ad61bee524c0d43fd61ae993a4eb8be5ce08324e36eb5d10
Zen Cart version 1.3.9f suffers from cross site scripting and remote SQL injection vulnerabilities.
6811536fb36e430ccabea0a3463cb4ea41374cd15cbccabfa4efb64cbccd94bd
Softek Barcode Reader Toolkit version 7.1.4.14 Active-X related buffer overflow proof of concept exploit.
dceb54e1f32d6772544fa6532904219bd3241b6d0353f08dbdff2c9fb43cb1b2
Netautor Professional version 5.5.0 suffers from a cross site scripting vulnerability.
4d35da18584fd51077f7bc26dc071c71bec8cc441e649fd98e4a21a589f85a9c
Textpattern CMS version 4.2.0 suffers from a cross site scripting vulnerability.
dfd74462ca449e44ea96a803fec91e74f488f325e663ca8a1504db6bf23bdda4
MySource Matrix version 3.28.3 suffers from a cross site scripting vulnerability.
0b4022da0c3745024cfcbc130e3a207b832debd2b1888d8ca111d89d5a5154bf
LEADTOOLS version 16.5.0.2 suffers from buffer overflow, integer overflow and denial of service vulnerabilities related to Active-X Common Dialogs.
dfa7d8e1d37bb018b4f9c4c73d5ddde7edee027e7ee6c5693155ab62354e1a23
Sport Accelerator Suite version 2.0 suffers from a remote SQL injection vulnerability.
6eba3de6d752edf0327713ad11ab93fe42fc85582a378a4f2dd4b9a60a4ee954
SmartCode ServerX VNC Server Active-X version 1.1.5.0 suffers from a denial of service vulnerability in scvncsrvx.dll.
b7b28563723da38901481e1b6eb926086c2a9be731100ece4948f14243ae3599
Team Johnlong RaidenTunes version 2.1.1 suffers from a cross site scripting vulnerability.
4199949d35c67667cd038d30a7f4e8a72521e296137d729dadf966fb082dfe7a
Corel Presentations X5 version 15.0.0.357 (shw) buffer preoccupation proof of concept exploit.
649dafa37afec86f0919292d1d4c3dca78b30faa54d9c1c47c27e68b17f6f2d7
Adobe Reader suffers from a remote memory corruption vulnerability that causes the application to crash while processing a malicious .PDF file. The issue is triggered when the reader tries to initialize the CoolType Typography Engine (cooltype.dll). Version 9.3.2 is affected.
0d7c54c4743176112d2aee8ec983b30d5dd0cb155386bcccd9b4ca611ba3cca3
When parsing .indd files, Adobe InDesign CS3 version 10.0 crashes instantly, overwriting memory registers. Depending on the offset, EBP, EDI, EDX and ESI get overwritten. This allows for arbitrary code execution and denial of service.
d1ba3f3f81ec58b3c4ec9a5db1aba291e884748a886cdf7a44a4c635fe2b5fa6
Shockwave Player versions 11.5.6.606 and below from Adobe suffer from memory consumption / corruption and buffer overflow vulnerabilities that can aid an attacker in causing a denial of service condition and arbitrary code execution. The vulnerable software fails to sanitize user input when processing .dir files, resulting in a crash and the overwrite of a few memory registers.
8ec4df5f63f6cfd2422941ca53290e7e3b28c5e09824a064172cf191aa1bea88
The AVTECH Software Active-X controller (AVC781Viewer.dll) suffers from buffer overflow, integer overflow and denial of service vulnerabilities.
7f6a0bb853da3f08e8acd4f1eb5daae71f417172a346b56ba78a04140eb6bb19
Deimos Kasa versions 2.58 and below suffer from a local integer overflow vulnerability.
80ab77904eacba3dc8c30ad3a714933a70e7c038b12b93dbb3f71e6b1bc649d4
ExtCalendar version 2.0 Beta 2 suffers from a cross site scripting vulnerability.
f3ff74b4568f9159c2fd60ec484fe6464f1648d875317b00de9d9708cd6f6a11