>> CATEGORY: exploit

Google Sites suffered from a persistent cross site scripting vulnerability.

WordPress ALO EasyMail Newsletter plugin version 2.6.01 suffers from a cross site request forgery vulnerability.

glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the…

Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives a HTTP request, the…

Redaxo CMS version 5.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

TOTVS RM PORTAL suffers from multiple cross site scripting vulnerabilities. The vendor has not responded to reports.

phpMyBackupPro version 2.5 suffers from remote command execution and cross site request forgery vulnerabilities.

phpMyBackupPro version 2.5 suffers from a remote shell upload vulnerability.

phpMyBackupPro version 2.5 suffers from multiple cross site scripting vulnerabilities.

Microsoft afd.sys version 6.1.7600.16385 suffers from a dangling pointer privilege escalation vulnerability. This exploit demonstrates the vulnerability discussed in MS14-040.