>> CATEGORY: exploit

SAP HANA 4 suffers from a cross site scripting vulnerability.

WordPress No External Links plugin versions 2.6.3 and 2.7.1 suffer from an open redirection vulnerability.

WordPress Tubepress plugin version 2 suffers from a cross site scripting vulnerability.

FingerTec devices have a default root password that allows for remote enrollment.

Fortigate OS versions 4.x through 5.0.7 remote ssh backdoor exploit.

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object.

There exists a buffer underflow vulnerability in devenum.dll!DeviceMoniker::Load when attempting to null terminate a user supplied string.

WordPress Symposium Pro Social Network plugin version 16.1 suffers from a cross site scripting vulnerability.

This program demonstrates how to escalate privileges using an overlayfs mount within a user namespace.