Dolphin versions 7.3.2 and below suffer from authentication bypass and remote command execution vulnerabilities.
Monthly Archives: November 2016
Reason Core Security 1.1.2 Privilege Escalation
Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability.
CMS EditMe Cross Site Request Forgery
CMS EditMe suffers from a cross site request forgery vulnerability that allows for privilege escalation.
Microsoft Internet Explorer 11 MSHTML CMapElement::Notify Use-After-Free
A specially crafted web-page can cause MSIE 11 to interrupt the handling of one readystatechange event with another. This interrupts a call to one of the various CElement::Notify functions to make another such call and at least one of these functions is non-reentrant. This can have various repercussions, e.g. when an attacker triggers this vulnerability using a CMapElement object, a reference to that object can be stored in a linked list and the object itself can be freed. This pointer can later be re-used to cause a classic use-after-free issue.
moodle-3.1.3-1.fc24
3.1.3
phpWebAdmin 1.0 SQL Injection
phpWebAdmin version 1.0 suffers from a remote SQL injection vulnerability.
txtforum 1.0.4 Remote Command Execution
txtforum version 1.0.4 remote command execution exploit.
1Password Process Authentication Breaks Local Security
There are a number of problems with the security model of 1Password that result in the local security model being disabled, as well as a number of security, sandboxing and virtualization features.
Apache OpenMeetings 3.1.0 Remote Code Execution
Apache OpenMeetings version 3.1.0 is vulnerable to remote code execution via an RMI deserialization attack.
Schoolhos CMS 2.29 Remote Code Execution / SQL Injection
Schoolhos CMS version 2.29 suffers from code execution and remote SQL injection vulnerabilities.