Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSCo...

A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code

There is an object injection vulnerability in swfupload plugin for wordpress.

Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a Q...

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.

Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload

XnView 2.03 has an integer overflow vulnerability

XnView 2.03 has a stack-based buffer overflow vulnerability

Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3.

Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vector...

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session,...

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.

vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."

Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".

An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.

A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, caus...

NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.