Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution
FreeBSD - 'FGPE' Stack Clash (PoC)
FreeBSD - 'FGPU' Stack Clash (PoC)
FreeBSD - 'setrlimit' Stack Clash (PoC)
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection
Tecnovision DLX Spot - Arbitrary File Upload
Tecnovision DLX Spot - Authentication Bypass
Tecnovision DLX Spot - SSH Backdoor
HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion
APNGDis 2.8 - 'chunk size descriptor' Heap Buffer Overflow
APNGDis 2.8 - 'image width / height chunk' Heap Buffer Overflow
Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting
Synchronet BBS 3.16c - Denial of Service
ntfs-3g (Debian 9) - Privilege Escalation
Joomla! < 2.5.2 - Admin Creation
Mozilla Firefox < 50.1.0 - Use-After-Free
Ansible 2.1.4/2.2.1 - Command Execution
Nagios 4.2.2 - Privilege Escalation
MiCasaVerde VeraLite - Remote Code Execution
NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities
Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass
Yeager CMS 1.2.1 - Multiple Vulnerabilities
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)
ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)
Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
ZHONE < S3.0.501 - Multiple Vulnerabilities
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)
Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
Qlikview 11.20 SR11 - Blind XXE Injection
XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write (PoC)
Netsweeper 2.6.29.8 - SQL Injection
Netsweeper 4.0.4 - SQL Injection
WordPress Plugin Count Per Day 3.4 - SQL Injection
Xceedium Xsuite - Multiple Vulnerabilities
Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery
SO Planning 1.32 - Multiple Vulnerabilities
AirLive Multiple Products - OS Command Injection
Fiyo CMS 2.0_1.9.1 - SQL Injection
DeDeCMS < 5.7-sp1 - Remote File Inclusion
Koha 3.20.1 - Directory Traversal
Koha 3.20.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Koha 3.20.1 - Multiple SQL Injections
GeniXCMS 0.0.3 - register.php SQL Injection
Vesta Control Panel 0.9.8 - OS Command Injection
Bonita BPM 6.5.1 - Multiple Vulnerabilities
WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities
ADB - Backup Archive File Overwrite Directory Traversal
Abrt (Fedora 21) - Race Condition
Apport/Abrt (Ubuntu / Fedora) - Privilege Escalation
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
WordPress Plugin Marketplace 2.4.0 - Arbitrary File Download
TWiki Debugenableplugins - Remote Code Execution (Metasploit)
Android WiFi-Direct - Denial of Service
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
GIT 1.8.5.6/1.9.5/2.0.5/2.1.4/2.2.1 & Mercurial < 3.2.3 - Multiple Vulnerabilities (Metasploit)
Aireplay-ng 1.2 beta3 - 'tcp_test' Length Parameter Stack Overflow
vBulletin 4.x - breadcrumbs via xmlrpc API Authenticated SQL Injection
vBulletin 4.x/5.x - AdminCP/ApiLog via xmlrpc API Authenticated Persistent Cross-Site Scripting
WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload
Kolibri WebServer 2.0 - Buffer Overflow (EMET 5.0 / EMET 4.1 Partial Bypass)
TeamSpeak Client 3.0.14 - Buffer Overflow
LoadedCommerce7 - Systemic Query Factory
ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution
ArticleFR 11.06.2014 - 'data.php' Privilege Escalation
Sphider Search Engine - Multiple Vulnerabilities
Status2k Server Monitoring Software - Multiple Vulnerabilities
D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery / Denial of Service
Ubiquiti UbiFi / mFi / AirVision - Cross-Site Request Forgery
Shopizer 1.1.5 - Multiple Vulnerabilities
Python CGIHTTPServer - Encoded Directory Traversal
web2Project 3.1 - Multiple Vulnerabilities
ZTE WXV10 W300 - Multiple Vulnerabilities
PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure
OXID eShop < 4.7.11/5.0.11 / < 4.8.4/5.1.4 - Multiple Vulnerabilities
OpenDocMan 1.2.7 - Multiple Vulnerabilities
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload
SpagoBI 4.0 - Privilege Escalation
ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
WordPress Plugin BuddyPress 1.9.1 - Privilege Escalation
D-Link DIR-100 - Multiple Vulnerabilities
ownCloud 6.0.0a - Multiple Vulnerabilities
Eventum 2.3.4 - 'hostname' Parameter Remote Code Execution
Ammyy Admin 3.2 - Authentication Bypass
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption
D-Link DSR Router Series - Remote Command Execution
LiveZilla 5.0.1.4 - Remote Code Execution
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)
Vivotek IP Cameras - RTSP Authentication Bypass
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)
Stem Innovation - 'IZON' Hard-Coded Credentials
WordPress Plugin Cart66 1.5.1.14 - Multiple Vulnerabilities
AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities
Loftek Nexus 543 IP Cameras - Multiple Vulnerabilities
Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities
INSTEON Hub 2242-222 - Lack of Web and API Authentication
Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities
MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities
vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
FOSCAM IP-Cameras - Improper Access Restrictions
Winamp 5.63 - Invalid Pointer Dereference
Airlive IP Cameras - Multiple Vulnerabilities
Xpient - Cash Drawer Operation
TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities
Cisco Linksys E4200 - Multiple Vulnerabilities
D-Link IP Cameras - Multiple Vulnerabilities
Vivotek IP Cameras - Multiple Vulnerabilities
Simple HRM System 2.3 - Multiple Vulnerabilities
Belkin Wemo - Arbitrary Firmware Upload
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
AWS Xms 2.5 - 'importer.php' 'what' Parameter Directory Traversal
Apache Struts - ParametersInterceptor Remote Code Execution (Metasploit)
GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service
ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities
SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass
SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow
Ektron 8.02 - XSLT Transform Remote Code Execution (Metasploit)
BabyGekko 1.2.2e - Multiple Vulnerabilities
ZPanel 10.0.1 - Cross-Site Request Forgery / Cross-Site Scripting / SQL Injection / Password Reset
Konqueror 4.7.3 - Memory Corruption
Bitweaver 2.8.1 - Multiple Vulnerabilities
EZHomeTech EzServer 7.0 - Remote Heap Corruption
Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities
jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities
SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities
SugarCRM CE 6.3.1 - 'Unserialize()' PHP Code Execution
SocialEngine 4.2.2 - Multiple Vulnerabilities
Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
SAP NetWeaver Dispatcher - Multiple Vulnerabilities
WebCalendar 1.2.4 - Remote Code Execution
Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities
Invision Power Board 3.3.0 - Local File Inclusion
PHPFox 3.0.1 - 'ajax.php' Remote Command Execution
libpurple 2.8.10 - OTR Information Disclosure
Fork CMS 3.2.5 - Multiple Vulnerabilities
Tiki Wiki CMS Groupware 8.2 - 'snarf_ajax.php' Remote PHP Code Injection
Microsoft Office 2010 - '.RTF' Header Stack Overflow