Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each…
Cisco’s tools site suffered from multiple cross site scripting vulnerabilities.
Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements…
Sam Spade version 1.14 local buffer overflow exploit.
Python versions 3.3 through 3.5 suffer from a vulnerability caused by the behavior of the product_setstate() function. When called, the function loops over the state tuple provided and clamps each…
Zeuscart version 4.0 suffers from a cross site scripting vulnerability in the search functionality.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a remote SQL injection vulnerability.
Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site scripting vulnerability.
The NtCreateLowBoxToken API allows the capture of arbitrary handles, which can lead to local denial of service or elevation of privilege.
Milton Webdav version 2.7.0.1 suffers from an XXE injection vulnerability.