CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
[webapps] Mara CMS 7.5 – Reflective Cross-Site Scripting
Mara CMS 7.5 – Reflective Cross-Site Scripting
[local] BlazeDVD 7.0 Professional – '.plf' Local Buffer Overflow (SEH,ASLR,DEP)
BlazeDVD 7.0 Professional – ‘.plf’ Local Buffer Overflow (SEH,ASLR,DEP)
[webapps] Fuel CMS 1.4.8 – 'fuel_replace_id' SQL Injection (Authenticated)
Fuel CMS 1.4.8 – ‘fuel_replace_id’ SQL Injection (Authenticated)
[webapps] Online Book Store 1.0 – 'id' SQL Injection
Online Book Store 1.0 – ‘id’ SQL Injection
Nagios Log Server 2.1.6 Cross Site Scripting
Nagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.
SUPERAntiSpyware Professional X Trial Privilege Escalation
SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
WordPress Autoptimize 2.7.6 Shell Upload
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
Symphony CMS 3.0.0 Cross Site Scripting
Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
Eikon Thomson Reuters 4.0.42144 File Permissions
Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.