Joomla AceFTP component appears to suffer from an arbitrary file download vulnerability.
>> ARCHIVE: 2016-08
PayPal suffered from a two-factor authentication bypass vulnerability.
A cross site request forgery vulnerability in the Telegram Bot API can allow for denial of service attacks.
OpenCart version 2.0.3.1 suffers from a cross site scripting vulnerability.
nopCommerce version 3.70 suffers from a cross site scripting vulnerability.
Stash CMS version 1.0.3 suffers from a remote SQL injection vulnerability.
Taser Axon Dock version 3.1 suffers from authentication bypass vulnerabilities.
WordPress Photo Gallery by Supsystic plugin version 1.8.5 suffers from a stored cross site scripting vulnerability.
WordPress Peter’s Login Redirect plugin version 2.9.0 suffers from cross site scripting and cross site request forgery vulnerabilities.
WordPress Email Users plugin version 4.8.3 suffers from a cross site request forgery vulnerability.