Serenity Client Management Portal version 1.0.1 suffers from a stored cross site scripting vulnerability.
Monthly Archives: November 2014
phpSound Music Sharing Platform 1.0.5 Cross Site Scripting
phpSound Music Sharing Platform version 1.0.5 suffers from multiple cross site scripting vulnerabilities.
WordPress SupportEzzy Ticket System 1.2.5 Cross Site Scripting
WordPress SupportEzzy Ticket System plugin version 1.2.5 suffers from a stored cross site scripting vulnerability.
Who's Who Script Cross Site Request Forgery
Who’s Who Script suffers from a cross site request forgery vulnerability.
MS14-064 Microsoft Windows OLE Package Manager Code Execution
This Metasploit module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as an MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as “Sandworm”. Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 are known to be vulnerable. However, based on our testing, the most reliable setup is on Windows platforms running Office 2013 and Office 2010 SP2. And please keep in mind that some other setups, such as using Office 2010 SP1, might be less stable, and sometimes may end up with a crash due to a failure in the CPackage::CreateTempFileName function.
Internet Voting Hack Alters PDF Ballots in Transmission
Researchers have published a paper that describes an Internet voting hack that alters PDF ballots in transmission.
BadUSB potential not as widespread as originally thought, but remains difficult to avoid
The BadUSB malware, which potentially turns any USB stick into an ‘unpatchable’ malware carrier, doesn’t quite have the potential for mayhem that was originally feared, according to the researcher who uncovered the exploit.
The post BadUSB potential not as widespread as originally thought, but remains difficult to avoid appeared first on We Live Security.
Windows OLE Automation Array Remote Code Execution
This Metasploit module exploits the Windows OLE automation array remote code execution vulnerability. The vulnerability exists in Internet Explorer from version 3.0 through version 11, on Windows 95 up to Windows 10.
Joomla HD FLV 2.1.0.1 SQL Injection
Joomla HD FLV component version 2.1.0.1 suffers from a remote SQL injection vulnerability.
Prey Anti-Theft SSL Certification Validation
Prey Anti-Theft for Android is missing proper SSL certification validation that can allow for denial of service and security bypass.