Karotz API 12.07.19.00: Session Token Information Disclosure

Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking

INSTEON Hub 2242-222 lacks Web and API authentication

ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

Static HTTP Server 1.0 has a Local Overflow

Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS

Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.

Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

WordPress Xorbin Digital Flash Clock 1.0 has XSS

Sencha Labs Connect has XSS with connect.methodOverride()

SPBAS Business Automation Software 2012 has CSRF.

SPBAS Business Automation Software 2012 has XSS.

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).

Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter.

Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in the Ebay Feeds for WordPress plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.