WordPress Cool Flickr Slideshow plugin version 1.0 suffers from a cross site scripting vulnerability.
>> ARCHIVE: 2017-09
WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability.
Advertiz PHP Script version 0.2 suffers from a cross site request forgery vulnerability.
Cory Support suffers from a remote SQL injection vulnerability.
This Metasploit module exploits a Memory buffer overflow in the Gh0st client (C2 server).
This Metasploit module exploits a Stack buffer overflow in the PlugX Controller (C2 server).
Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.
IWEBSOUL CMS version 1.0 suffers from multiple cross site scripting vulnerabilities.
IWEBSOUL CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
It appears that you can still talk to X11 outside of the Tor sandbox.