CVE-2013-6876 s3dvt Root shell
[CVE-2013-6239] Contexis 1.0 CMS, Reflected XSS
CVE-2015-8298 SQL Injection Vulnerability in RXTEC RXAdmin
A local application could cause a denial-of-service to the audio_policy app in Android
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
APPLE-SA-2015-08-13-3 iOS 8.4.1
APPLE-SA-2015-09-16-4 OS X Server 5.0.3
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
APPLE-SA-2016-10-24-3 Safari 10.0.1
APPLE-SA-2016-12-13-1 macOS 10.12.2
APPLE-SA-2017-03-27-3 macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
APPLE-SA-2017-07-19-2 macOS 10.12.6
ASUS router drive-by code execution via XSS and authentication bypass
Adium vulnerable to remote code execution via libpurple
Advanced Access Manager allows admin users to write arbitrary files and execute arbitrary php (WordPress plugin)
Advisory X41-2017-001: Multiple Vulnerabilities in X.org
Advisory: Android SQLite Journal Information Disclosure (CVE-2011-3901)
Apache VCL improper input validation
Arbitrary File Upload and Code Execution in Accusoft Prizm Content Connect
Aruba ArubaOS/Aruba Instant/AirWave Management - Multiple Vulnerabilities (CVE-2016-2031, CVE-2016-2032)
CORE-2012-0123 - SAP Netweaver Dispatcher Multiple Vulnerabilities
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
CORE-2013-0301 - Vivotek IP Cameras Multiple Vulnerabilities
CORE-2013-0302 - Zavio IP Cameras multiple vulnerabilities
CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities
CORE-2013-0517 - Xpient Cash Drawer Operation Vulnerability
CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions
CORE-2013-0704 - Vivotek IP Cameras RTSP Authentication Bypass
CORE-2013-0708 - Hikvision IP Cameras Multiple Vulnerabilities
CORE-2013-0726 - AVTECH DVR multiple vulnerabilities
CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin)
CVE-2012-1201 Testtrack for Linux Race Condition
CVE-2012-2216 - Social Engine Multiple Vulnerabilities (XSS and CSRF)
CVE-2012-2945 hadoop-env symlink vulnerability
CVE-2013-1866: OpenSC.tokend - privacy leak & arbitrary file creation (OSX, All versions)
CVE-2013-1867: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation (OSX, All versions)
CVE-2013-186y: tokend (Apple, Gemalto) - privacy leak & arbitrary file creation (OSX, All versions)
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
CVE-2013-3685: Root exploit for LG Android devices (target sprite software's backup daemon)
CVE-2013-622 Livezilla Remote Code Execution (Cure-2013-1007)
CVE-2013-6430 Possible XSS when using Spring MVC
CVE-2014-1214 - Remote Code Execution in Projoom NovaSFH Plugin
CVE-2014-1215 - Local Code Execution in CoreFTP Core FTP Server
CVE-2014-1220 - Disclosure Of Database Credentials in IT2 Workstation
CVE-2014-1221 - Local Code Execution in Dameware Mini Remote Control
CVE-2014-1226 s3dvt Root shell (still)
CVE-2014-1686 -- Information disclosure: webserver source path in Mediawiki 1.18.0
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)
CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection (pre-auth)
CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF)
CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall
CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages
CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS
CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS
CVE-2014-3449 - Insufficient ACLs in BSS Continuity CMS
[CVE-2014-3718] ALEPH500 (Integrated library management system) Cross Site Scripting Vulnerability
CVE-2014-3719 SQL Injection Vulnerability
CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4
CVE-2014-3868: ZeusCart 4.x Remote SQL Injection Vulnerability
CVE-2014-5439 - Root shell on Sniffit [with exploit]
CVE-2014-6412 - WordPress (all versions) lacks CSPRNG
CVE-2014-7951 adb backup archive path traversal file overwrite
CVE-2014-7952, Android ADB backup APK injection vulnerability
CVE-2014-7953 Android backup agent code execution
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
CVE-2015-1187: D-Link DIR-636L Remote Command Injection - Incorrect Authentication
CVE-2015-4557 - Wordpress “Nextend Twitter Connect” & “Nextend Google Connect” Cross Site Scripting
CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Chrome for Android Didn’t Use FLAG_SECURE for Credit Card Prefill Settings [CVE-2017-5082]
CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass
Conduct phonecalls on Android without the necessary permission, advisory+testapplication+exploits for testing (CVE-2013-6272 and CVE-2014-N/A)
Context IS Advisory - Citrix XenServer Hypervisor Privilege Escalation
Docker 1.3.3 - Security Advisory [11 Dec 2014]
Drupal OG Menu Module XSS Vulnerability
ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability
EasyXDM 2.4.16 multiple vulnerabilities
Followup on CVE-2014-6412
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT macro.
Freebox OS Web interface 3.0.2 XSS, CSRF
Group-Office Cleartext Credentials Stored in Cookies
Hunt CCTV (and generic brands) Insufficient Authentication
KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
Komento Joomla! component Persistent XSS
LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine
LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities
Low severity flaw in RIM BlackBerry PlayBook OS browser
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
Magnolia CMS multiple access control vulnerabilities
ManageEngine Applications Manager Multiple Vulnerabilities
Mapserver for Windows (MS4W) Remote Code Execution
Medium risk security flaws in Konqueror
Multiple BSD libc/regcomp(3) Multiple Vulnerabilities
Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/)
NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/)
NetBSD 5.1 libc/net multiple functions stack buffer overflow
NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities
OpenID/Debian PRNG/DNS Cache poisoning advisory
PcwRunAs Password Obfuscation Design Flaw
Problems in automatic crash analysis frameworks
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Re: CVE-2014-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
Re: CVE-2014-2225: Ubiquiti Networks - Multiple products - Cross-site Request Forgery (CSRF)
Re: CVE-2014-6412 - WordPress (all versions) lacks CSPRNG
Re: Cookie stealing and XSS vulnerable in Zenphoto version 1.4.3.2
Re: NetCommWireless HSPA 3G10WVE Wireless Router – Multiple vulnerabilities
Re: PcwRunAs Password Obfuscation Design Flaw
Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Re: TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins
Re: ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
Re: [BMSA-2009-07] Backdoor in PyForum
Re: [Bkis] sNews 1.7.1 XSS vulnerability
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
Re: [CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
Re: [CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection
Re: [CVE-2015-1530] An integer overflow in Android media could be exploited to get media_server permission
Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Re: list of vulnerabilities discovered by realpentesting
Re: list of vulnerabilities discovered by realpentesting
Re: list of vulnerabilities discovered by realpentesting
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 (CVE-2014-6413)
SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS
SEC Consult 20130408-0 :: Nitro Pro 8 - Insecure Library Loading Allows Remote Code Execution (DLL Hijacking)
SEC Consult SA-20130507-0 :: Multiple vulnerabilities in NetApp OnCommand System Manager
SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
SEC Consult SA-20170301 :: XXE and XSS vulnerabilities in Aruba AirWave
SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation
SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method
SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method (link correction)
SOPlanning - Simple Online Planning Tool multiple vulnerabilities
SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities
Safend Data Protector Multiple Vulnerabilities
Secunia Research: Autonomy Keyview Ichitaro Object Reconstruction Logic Vulnerability
Secunia Research: Autonomy Keyview Ichitaro QLST Integer Overflow Vulnerability
Secunia Research: Autonomy Keyview Ichitaro Text Parsing Buffer Overflow
Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service
Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability
Security Analysis of IP video surveillance cameras
Stored XSS in Plotly allows less privileged users to insert arbitrary JavaScript into posts (WordPress plugin)
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
TPTI-07-14: HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite
TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit
TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub (Model Discontinued)
TWiki Security Alert CVE-2013-1751: MAKETEXT Variable Has Another Shell Command Execution Issue
TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
Thomson Reuters FATCA - Arbitrary File Upload
Thomson Reuters FATCA - Local File Inclusion
Three out of bounds access issues in ImageMagick (CVE-2014-8354, CVE-2014-8355, CVE-2014-8562)
Toshiba ConfigFree CF7 File Remote Command Execution
Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field)
Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
Unauthenticated remote code execution in OpenMRS
Vantage Point Security Advisory 2015-002
Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
XSS Vulnerability in Fork CMS 3.8.3
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
[ GLSA 200803-01 ] Adobe Acrobat Reader: Multiple vulnerabilities
[ GLSA 201201-15 ] ktsuss: Privilege escalation
[ MDVSA-2010:090 ] samba
[ MDVSA-2013:034 ] cups
[ MDVSA-2013:077 ] ettercap
[ MDVSA-2013:188 ] otrs
[ MDVSA-2013:212 ] otrs
[ MDVSA-2013:235 ] mediawiki
[ MDVSA-2013:290 ] mediawiki
[ MDVSA-2014:057 ] mediawiki
[Advisory] LibRaw Multi Memory error [CVE-2015-8366 and CVE-2015-8367]
[CORE-2015-0002] - Android WiFi-Direct Denial of Service
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection
[CVE-2012-1622] Apache OFBiz information disclosure vulnerability
[CVE-2012-6297] DD-WRT v24-sp2 Command Injection
[CVE-2013-2294] Multiple Cross Site Scripting (XSS) vulnerabilities in ViewGit
[CVE-2013-3684] NextGEN Gallery 1.9.12 Arbitrary File Upload
[CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference
[CVE-2013-5675] Symantec Endpoint Protection un-installation password bypass
[CVE-2013-6231] Remote Privilege Escalation in SpagoBI v4.0
[CVE-2013-6234] XSS File Upload in SpagoBI v4.0
[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults
[CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation
[CVE-2014-1203] Eyou Mail System Remote Code Execution
[CVE-2014-1860] PHP object insertion / possible RCE in Contao CMS <= 3.2.4
[CVE-2014-2069] 'eshtery CMS' allows remote attackers to read arbitrary files
[CVE-2014-3005] Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
[CVE-2014-3244] SugarCRM v6.5.16 rss dashlet LFI via XXE Attack
[CVE-2014-3719] ALEPH500 (Integrated library management system) SQL Injection
[CVE-2015-1530] An integer overflow in Android media could be exploited to get media_server permission
[CVE-2015-4553] Dedecms variable coverage leads to getshell
[CVE-2015-5617] Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp cbNewsid
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
[ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution
[ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution
[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Telaen <= 1.3.0
[ISecAuditors Security Advisories] Multiple Vulnerabilities in Uebimiau <= 2.7.11
[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA
[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA
[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
[SECURITY] [DSA 2188-1] webkit security update
[SECURITY] [DSA 2310-1] linux-2.6 security update
[SECURITY] [DSA 2382-1] ecryptfs-utils security update
[SECURITY] [DSA 2524-1] openttd security update
[SECURITY] [DSA 2540-1] mahara security update
[SECURITY] [DSA 2696-1] otrs2 security update
[SECURITY] [DSA 2712-1] otrs2 security update
[SECURITY] [DSA 2733-1] otrs2 security update
[SECURITY] [DSA 2857-1] libspring-java security update
[The ManageOwnage Series, part III]: Multiple vulnerabilities / RCE in ManageEngine Desktop Central
[The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
[USN-971-1] OpenJDK vulnerabilities
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507)
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)
list of vulnerabilities discovered by realpentesting
pidgin OTR information leakage
server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)
u-design wordpress theme DOM XSS