>> AUTHOR: deepcore

Composr CMS version 10.0.30 suffers from a persistent cross site scripting vulnerability.

PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.

OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability.

AbsoluteTelnet version 11.21 suffers from multiple denial of service vulnerabilities.

Forma.LMS version 5.6.40 suffers from a cross site request forgery vulnerability.

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3…

Gym Management System version 1.0 suffers from an unauthenticated remote code execution vulnerability.

VUPlayer version 2.49 .m3u local buffer overflow exploit with DEP and ASLR.

In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. Qualys recently re-discovered these vulnerabilities and were…