Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K
Avg CVSS: 9.8
Max CVSS: 9.8
Min CVSS: 9.8

Critical Severity CVEs

CVSS:9.8(Critical)

WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.

CVSS:9.8(Critical)

An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative passw...

CVSS:9.8(Critical)

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability

CVSS:9.8(Critical)

A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file.

CVSS:9.8(Critical)

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

CWE-20 | 2012
CVSS:9.8(Critical)

In cups (Common Unix Printing System), the 'Listen localhost:631' option is not honored correctly, which could provide unauthorized access to the system.

CVSS:9.8(Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-78 | 2012
CVSS:9.8(Critical)

ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.

CWE-89 | 2012
CVSS:9.8(Critical)

HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability

CVSS:9.8(Critical)

BabyGekko before 1.2.4 allows PHP file inclusion.

CWE-20 | 2012
CVSS:9.8(Critical)

ZPanel 10.0.1 has insufficient entropy for its password reset process.

CVSS:9.8(Critical)

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CVSS:9.8(Critical)

The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary...

CWE-19 | 2012
CVSS:9.8(Critical)

Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE p...

CWE-19 | 2012
CVSS:9.8(Critical)

Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability

CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, relat...

CVSS:9.8(Critical)

Gallery Plugin 1.4 for WordPress has a Remote File Include Vulnerability

CVSS:9.8(Critical)

A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial o...

CVSS:9.8(Critical)

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses Se...

CVSS:9.8(Critical)

SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CWE-89 | 2012
CVSS:9.8(Critical)

Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depend...

CVSS:9.8(Critical)

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbi...

CVSS:9.8(Critical)

A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute...