Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. Date published : 2020-02-13 http://www.securityfocus.com/bid/64192 https://exchange.xforce.ibmcloud.com/vulnerabilities/90077
Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. Date published : 2020-02-13 http://firmware.re/usenixsec14/ http://firmware.re/vulns/acsa-2013-005.php
TRENDnet TS-S402 has a backdoor to enable TELNET. Date published : 2020-02-13 http://firmware.re/usenixsec14/ http://firmware.re/vulns/acsa-2013-014.php
QNAP VioCard 300 has hardcoded RSA private keys. Date published : 2020-02-13 http://firmware.re/usenixsec14/ http://firmware.re/vulns/acsa-2013-002.php
RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. Date published : 2020-02-13 https://exchange.xforce.ibmcloud.com/vulnerabilities/89118
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. Date published : 2020-02-13 http://seclists.org/fulldisclosure/2013/Oct/224 https://exchange.xforce.ibmcloud.com/vulnerabilities/88293
PrestaShop before 1.4.11 allows logout CSRF. Date published : 2020-02-13 http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. Date published : 2020-02-13 http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html
A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex,...
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll....
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action. Date published...
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged...
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information....
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. Date published : 2020-02-13 http://softage.be/netgear/