24 May 2019
On MacOS X version <= 10.14.5 (at time of writing) it is possible to easily bypass Gatekeeper in order to execute untrusted code without any warning or user's explicit permission.
12 September 2018
Tor Browser version < 8.0 and Firefox version < 62 / < 60.2.0esr are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
10 September 2018
Tor Browser version 7.0.8, and probably prior, for Mac OS X and Linux, is affected by an information disclosure vulnerability that leads to full de-anonymization of website visitors using just a single html tag.
27 September 2017
19 April 2017
Squirrelmail version 1.4.22 (and probably prior) is vulnerable to a remote code execution vulnerability because it fails to sanitize a string before passing it to a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in Deliver_SendMail.class.php on initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it don't escapes whitespaces allowing the injection of arbitrary command parameters.
7 December 2016
A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine. User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability. Microsoft Remote Desktop Client for Mac OS X (ver 8.0.32 and probably prior) allows a malicious Terminal Server to read and write any file in the home directory of the connecting user. The vulnerability exists to the way the application handles rdp urls. In the rdp url schema it's possible to specify a parameter that will make the user's home directory accessible to the server without any warning or confirmation request. If an attacker can trick a user to open a malicious rdp url, he/she can read and write any file within the victim's home directory.
8 February 2016
The contentAjaxQuery class suffers from a SQL-Injection vulnerability because the request parameter "query" is used to build a sql query without beeing properly sanitized. In order to exploit this issue, an attaccker must be logged into the application as a non-privileged user.
26 January 2016
ProjectSend (previously cFTP) suffers from multiple vulnerabilities
15 April 2015
Lychee version 2.7.1 and probably below suffers from remote code execution vulnerability. The vulnerability resides in the importUrl function that fails to restrict file types due to the lack of file extension validation. Since the imported file is stored in a web-readable directory where php files can be executed, remote code execution can be achieved.
23 March 2015
23 May 2012
LogAnalyzer version 3.4.2 and probably below suffers from multiple vulnerabilities
7 March 2012
OSClass version 2.3.5 and probably below suffers from a directory traversal vulnerability that leads to arbitrary file upload and information disclosure.
27 January 2012
OSClass version 2.3.4 and probably below suffers from multiple vulnerabilities
26 January 2012
postfixadmin version 2.3.4 and probably below suffers from multiple vulnerabilities
24 January 2012
Mibew messenger version 1.6.4 an probably below is vulnerable to multiple XSS (and persistent XSS). They are all an POSTs and can be exploited due to the lack of CSRF protection
Posted Apr 16, 2008
Secunia Security Advisory – poplix has reported some vulnerabilities in Parallels VZPP, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.
Posted Dec 28, 2007
Secunia Security Advisory – poplix has discovered a vulnerability in PDFlib, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
Posted Dec 24, 2007
pdflib, a library used for generating PDFs on the fly, suffers from multiple buffer overflow vulnerabilities due to the use of strcpy().
Posted Sep 30, 2007
Posted Feb 6, 2007
cotv 2.0 suffers from a client-side denial of service vulnerability due to a lack of validation. Demonstration exploit included.
Posted Dec 14, 2006
Secunia Security Advisory – poplix has reported a vulnerability in D-LINK DWL-2000AP+, which can be exploited by malicious people to cause a DoS (Denial of Service).
Posted Nov 3, 2006
Secunia Security Advisory – poplix has discovered a vulnerability in iodine’s client, which can be exploited by malicious people to compromise a user’s system.
Posted Oct 31, 2006
easy notes manager (eNM) version 0.0.1 is affected by multiple SQL injection issues. POC included that demonstrates how to bypass authentication.