Easy File Sharing webserver suffers from a persistent cross site scripting vulnerability in the forum messages.
A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.
BulletProof FTP Client 2010 suffers from a buffer overflow vulnerability.
Ubiquiti AirVision Controller version 2.1.3 suffers from an overly permissive default crossdomain.xml file.
Ubiquiti UniFi Controller version 2.4.6 discloses the administrative password hash via syslog messages.
Pligg versions 2.0.1 and below suffer from remote SQL injection, path disclosure, and remote command execution vulnerabilities.
Parallels Plesk Panel version 9.5 with Sitebuilder 4.5 suffers from bypass, file download, shell upload, and cross site scripting vulnerabilities.
Make version 3.81 heap overflow proof of concept exploit.
Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.
Omeka suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/items/add' script through the 'file' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with a '.php5' extension. Versions 2.2.1 and 2.2 are affected.
Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.
HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.