ObjectPlanet Opinio version 7.12 suffers from reflective and persistent cross site scripting vulnerabilities.
Denver IP Camera SHO-110 Snapshot Disclosure
Denver IP Camera SHO-110 suffers from an unauthenticated disclosure of a snapshot.
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Longjing Technology BEMS API version 1.21 suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks.
Oracle Fatwire 6.3 Cross Site Scripting / SQL Injection
Oracle Fatwire version 6.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.
http://secondary33.go.th/vuln.gif
http://secondary33.go.th/vuln.gif notified by MiSh
TripSpark VEO Transportation SQL Injection
TripSpark VEO Transportation suffers from a remote blind SQL injection vulnerability.
eGain Chat 15.5.5 Cross Site Scripting
eGain Chat version 15.5.5 suffers from a cross site scripting vulnerability.
Denver Smart Wifi Camera SHC-150 Remote Code Execution
Denver Smart Wifi Camera SHC-150 has a hardcoded backdoor login vulnerability available via telnet that gives a shell.