moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
moziloCMS 2.0 – Persistent Cross-Site Scripting (Authenticated)
CMS Made Simple 2.2.14 – Arbitrary File Upload (Authenticated)
Mara CMS 7.5 – Reflective Cross-Site Scripting
BlazeDVD 7.0 Professional – ‘.plf’ Local Buffer Overflow (SEH,ASLR,DEP)
Fuel CMS 1.4.8 – ‘fuel_replace_id’ SQL Injection (Authenticated)
Online Book Store 1.0 – ‘id’ SQL Injection
Nagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.
SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.