2012 CVE Vulnerabilities

5.4K security vulnerabilities discovered in 2012

Total CVEs: 5.4K vulnerabilities
Avg CVSS: 9.8 (Critical)
Max CVSS: 9.9 (Highest)
Critical: 24 (0.4%)

All 2012 CVEs

Page 1 of 227
CVSS: 9.9 (Critical)

The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process cra...

CVSS: 9.8 (Critical)

The sharebar plugin before 1.2.2 for WordPress has SQL injection.

CWE-89 | 2012
CVSS: 9.8 (Critical)

In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.

CVSS: 9.8 (Critical)

ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.

CVSS: 9.8 (Critical)

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. A...

CVSS: 9.8 (Critical)

inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.

CWE-20 | 2012
CVSS: 9.8 (Critical)

Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via...

CWE-22 | 2012
CVSS: 9.8 (Critical)

WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.

CVSS: 9.8 (Critical)

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative passw...

CVSS: 9.8 (Critical)

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability

CVSS: 9.8 (Critical)

A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.

CVSS: 9.8 (Critical)

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

CWE-20 | 2012
CVSS: 9.8 (Critical)

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

CVSS: 9.8 (Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-78 | 2012
CVSS: 9.8 (Critical)

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

CWE-89 | 2012
CVSS: 9.8 (Critical)

HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability

CVSS: 9.8 (Critical)

BabyGekko before 1.2.4 allows PHP file inclusion.

CWE-20 | 2012
CVSS: 9.8 (Critical)

ZPanel 10.0.1 has insufficient entropy for its password reset process.

CVSS: 9.8 (Critical)

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CVSS: 9.8 (Critical)

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary...

CWE-19 | 2012
CVSS: 9.8 (Critical)

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE p...

CWE-19 | 2012
CVSS: 9.8 (Critical)

Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability

CVSS: 9.8 (Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, relat...