Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.
0187de9002d59f341d170b546ca8984e4ebf01432ab6172e13141bf0b1e44251
Folder Lock version 7.7.9 suffers from a denial of service vulnerability.
a2d5ca402cd81d6b3b4997fcc78e9714cb8af7d57a844b1148c8aa88da349a3a
FTPShell Client version 6.74 suffers from a local buffer overflow denial of service vulnerability.
2289dadc1d05440dd5dd8dffb82ee765b6becd294b086efe6730efbd6e4f86ef
LimeSurvey versions 3.17.13 and below suffer from reflective and persistent cross site scripting vulnerabilities.
573baf1603249a448f854d8c59cc5938e7334c20fe44126259027c9914a5cfd5
This is a generic arbitrary file overwrite technique, which typically results in remote command execution. It targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that archive extraction libraries often have no mitigations against directory traversal attacks. If an application uses such a library, opening a maliciously modified archive can cause the embedded payload to be written to an arbitrary location (such as a web root), resulting in remote code execution.
8f0ccbdfa41b81ddec1fba4936ed5ca28502dd6600b5ac754d4fe23b7ec5988d
Opencart version 2.3.0.2 pre-authentication remote command execution exploit.
241c2df2c06d04ed1d46433e033708608f5d3557b99ec80f4c641aa0910f2a98
Microsoft DirectWrite suffers from an out-of-bounds read in sfac_GetSbitBitmap while processing TTF fonts.
aa2d5d7be90b6f28c281bef6187c775b1dfc2408d2066e1d3ea3a0b1eeca0a0e
Microsoft DirectWrite suffers from an invalid read in SplicePixel while processing OTF fonts.
4d40188c13a19d3f86978a4337818897a6919c2d01372f9e540c97358af7ad4a
eWON Flexy with firmware version 13.0 suffers from an authentication bypass vulnerability.
76bf027bea193d108094970bd462dd2ebb200858467fc02d58f0a91a682501e5
OpenEdx Ironwood.1 suffers from multiple cross site scripting vulnerabilities.
8168f8986249d0eda2a31569d08e72a792784a43838118fa1bb7f6d84e1e7f61
WordPress SlickQuiz plugin version 1.3.7.1 suffers from a remote SQL injection vulnerability.
3b3f2021735ae446297196ed34135cc91bdd1359c4dc4c1847d8a05052387e80
WordPress SlickQuiz plugin version 1.3.7.1 suffers from a persistent cross site scripting vulnerability.
cbb9b82d8abba98ceec52791f9d154653f25751db87716fba4d0f5bdb5a37486
AVCON6 Systems Management Platform suffers from a remote root command execution vulnerability.
1dd0d5b962a6b8f0b0dc6267e2fc5ca01c3e4382c0782267388eb383cd70e571
WordPress Checklist plugin version 1.1.5 suffers from a cross site scripting vulnerability.
817d94f07556f4882cc6d45a7809768465e34cb74d87172d7a9ac95f95c8bf04
WordPress Photo Gallery plugin version 1.5.34 suffers from multiple cross site scripting vulnerabilities.
4fed05720ee4fecd2da49f336d79b68ed8843b63367bb135080f3301ff646e73
WordPress Photo Gallery plugin version 1.5.34 suffers from a remote SQL injection vulnerability.
950d9d2613c0929b824d90f41698923dce59107a3eccab59751a55e01c8fc896
The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when the animate.cgi script is called through the Mobile Web Viewer module.
0ac770f479e014f7c5b8c6027c620e27b00efd876208dd79b63187fd39efe9df
Core FTP LE version 2.2 build 1935 suffers from a buffer overflow vulnerability.
2b347f042a2ee7a96ebba7c78aeb582f058f85fdaf4466b5097f76b87cc59fc9
Tibco JasperSoft suffers from a path traversal vulnerability.
3d5803f45be81659caf4f3bffb04cadddfd4a598bf1a1150dafa4203a2d45984
Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.
73c9d99009b7401255bba6a1f56507939d40908be4130273b2c562c5a4a3adb6
WordPress Qwiz Online Quizzes and Flashcards plugin version 3.36 suffers from a cross site scripting vulnerability.
634c7369106c5e8fe42529b05f448cc52e6022665ac665f210efa6c734e5fed6
Dabman and Imperial Web Radio Devices suffer from undocumented telnet backdoor and command execution vulnerabilities.
6e28c900f138b4c227460279ef44595a12f751de44f3a06844fa9e9ce1c87e2a
Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.
6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Enigma NMS version 65.0.0 suffers from a remote SQL injection vulnerability.
4cc7a0a98cea7b8dd397f89ccfa2628dded3cba0ac317b141cc5f674ab88b466
Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.
bab53fc3d093813545a41360b16744c1c7a3723c574c2a429a2b935572a6e1be