InterPhoto version 2.3.0 Persians suffers from a database disclosure vulnerability.
KODExplorer Web File Manager Cross Site Scripting
KODExplorer web file manager suffers from a cross site scripting vulnerability.
DeleGate 9.9.13 Local Root
Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can […]
FTPShell Client 5.24 Buffer Overflow
FTPShell Client version 5.24 suffers from a buffer overflow vulnerability.
Netduma R1 1.03.4 / 1.03.5 Cross Site Request Forgery
Netduma R1 router versions 1.03.4 and 1.03.5 suffer from a cross site request forgery vulnerability.
WordPress Simple Ads Manager 2.9.4.116 SQL Injection
WordPress Simple Ads Manager plugin version 2.9.4.116 suffers from a remote SQL injection vulnerability.
KODExplorer Web File Manager Cross Site Request Forgery
KODExplorer web file manager suffers from a cross site request forgery vulnerability.
Trend Micro DLL Hijacking
TrendMicro_MAX_10.0_US-en_Downloader.exe loads and executes ProfAPI.dll and UXTheme.dll (and other DLLs) from the directory it is started from, if they are present there.
Joomla 3.4.5 Object Injection
Joomla versions 1.5.x through 3.4.5 object injection exploit that allows for code execution and more. Written in golang.
PHP Melody CMS 2.3 SQL Injection
PHP Melody CMS version 2.3 suffers from a remote SQL injection vulnerability.