Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM ParseColors().
http://www.bnk.go.th/f7xp.html notified by F7 Xpl0it3r
SLIMS version 9.5.2 suffers from a cross site scripting vulnerability.
http://www.sdm.dmr.go.th/b.htm notified by Mr. BDKR28
KesionCMS X version 1.5 suffers from a direct access add administrator vulnerability.
Yazilimi Jettweb Haber version 3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
xcash version 1.5 appears to leave a default administrative account in place post installation.
WordPress WPtouch Pro plugin version 3.0.9.1 suffers from an open redirection vulnerability.
WordPress WPtouch plugin version 3.8.2 suffers from an open redirection vulnerability.
Active Matrimonial CMS version 3.6 suffers from a remote SQL injection vulnerability.