NUUO versions 3.0.8 and below suffer from an arbitrary file deletion vulnerability.
Monthly Archives: August 2016
NUUO NVRmini 2 NE-4160 ShellShock Remote Code Execution
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an authenticated ShellShock vulnerability. Successful exploitation could allow an attacker to gain control over a targeted computer. The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix.
NUUO 3.0.8 OS Command Injection
NUUO versions 3.0.8 and below suffer from OS command injection vulnerabilities.
NUUO 3.0.8 Local File Disclosure
NUUO versions 3.0.8 and below suffer from a file disclosure vulnerability.
NUUO 3.0.8 Add Admin Cross Site Request Forgery
NUUO versions 3.0.8 and below suffer from a cross site request forgery vulnerability that can be used to add an administrator.
NUUO 3.0.8 Remote Root
NUUO NVRmini, NVRmini2, Crystal and NVRSolo suffer from an unauthenticated command injection vulnerability. Due to an undocumented and hidden debugging script, an attacker can inject and execute arbitrary code as the root user via the ‘log’ GET parameter in the ‘__debugging_center_utils___.php’ script. Included is a remote root exploit and an nse file. Versions 3.0.8 and below are affected.
WordPress Ecwid Ecommerce Shopping Cart 4.4 / 4.4.3 PHP Object Injection
WordPress Ecwid Ecommerce Shopping Cart plugin versions 4.4 and 4.4.3 suffer from a PHP object injection vulnerability.
Stegano 0.6
Stegano is a basic Python steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
WordPress Welcome Announcement 1.0.5 Cross Site Scripting
WordPress Welcome Announcement plugin version 1.0.5 suffers from a cross site scripting vulnerability.
WordPress Selected Text Sharer 1.0 CSRF / XSS
WordPress Selected Text Sharer plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.