OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities.
OX Guard version 2.10.3 suffers from server-side request forgery and cross site scripting vulnerabilities.
SmarterMail 16 suffers from an arbitrary file upload vulnerability.
Sysax MultiServer version 6.90 suffers from a cross site scripting vulnerability.
PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.
This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected).
10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities.
This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Editor.
This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Scanner.
This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.