>> TAG: #0day

MS Office 2007 and 2010 – OLE Arbitrary Command Execution

phpSound Music Sharing Platform 1.0.5 – Multiple XSS Vulnerabilities

Esotalk CMS 1.0.0g4 – XSS Vulnerability

WordPress SupportEzzy Ticket System Plugin 1.2.5 – Stored XSS Vulnerability

Who’s Who Script – CSRF Exploit (Add Admin Account)

Position independent & Alphanumeric 64-bit execve(“/bin/sh”,NULL,NULL); (87 bytes)

ZTE ZXDSL 831CII – Insecure Direct Object Reference

ManageEngine OpManager, Social IT Plus and IT360 – Multiple Vulnerabilities

PHP-Fusion 7.02.07 – SQL Injection

Password Manager Pro / Pro MSP – Blind SQL Injection