WordPress Image Gallery plugin version 1.9.65 suffers from a persistent cross-site scripting vulnerability.
>> CATEGORY: exploit
GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions…
JBoss EAP’s JMX Invoker Servlet is exposed by default on port 8080/TCP. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects without…
UCanCode has ActiveX vulnerabilities that allow remote code execution and denial of service attacks.
RedTeam Pentesting discovered behavior in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled.
Stored cross-site scripting exploit for osTicket versions 1.9.14 and below, delivered through the X-Forwarded-For header.
A specially crafted web page can cause a type confusion in HTML layout in Microsoft Internet Explorer 11. An attacker might be able to exploit this issue to execute arbitrary code.
Koken versions 0.22.7 and 0.22.11 suffer from multiple cross-site scripting vulnerabilities.
A specially crafted web page can cause Microsoft Internet Explorer 10 to continue to use an object after freeing the memory used to store the object. An attacker might be able…
This is an interesting analysis that goes over reverse engineering access to the HS-110 Smart Plug and how secrets are insecurely transferred.