The modules.php script in PHP-Nuke is susceptible to cross site scripting attacks via the query variable.
febc939a7a6f6974420c3354f6878f0795066b420c51b71a67b56d3730be1752
phpCommunityCalendar 4.0.3 suffers from login bypass, SQL injection, and cross site scripting vulnerabilities. Full exploitation details are provided.
75d14e631a17b9753a1d296cc1655d186f8c951813db84d623522caced0ca2b9
Man-cgi/Man2web/ManView remote command execution exploit. Tested against Man-cgi 1.11. All versions are affected.
3300bb4e9b0b107c205b3358667f3e44b2322107d91b974768b345a5d6beebc5
CUPS 1.x denial of service exploit.
ff8f9da2b2ed05af80951b23e43eb74ed987f6722dc4d1ea584c2d80c7787aa3
PBLang 4.65 and possibly prior versions suffer from remote code execution, administrative credentials disclosure, system information disclosure, cross site scripting, and path disclosure vulnerabilities.
84a134af30b6692cbf66438fd56695b6abe5c6c2dea7995c936cbf3e2c321475
Proof of concept exploit for the Free SMTP server versions 2.2 and below spam filter vulnerability.
b485079266d6c7fe72d7da767cc57e2c2566ce8afd5ee06e61f7f8bda14d8d9a
MS05-018 Windows CSRSS.EXE stack overflow local exploit version 1.0. Systems affected: Windows 2000 SP3/SP4 (all languages).
9c1056b4ba445574dabd5303c06b7ba842e5dcfa7223af9c95e2b901dd7205fc
All versions of MyBB are susceptible to cross site scripting attacks.
3c0d0eb7558a6e11df2060e31d9588a96c78988c96cbd18c3cc63f9be9ca13d3
aMember Pro 2.3.4 is susceptible to a remote PHP file include vulnerability.
e826f8dad2f582fbaf38fdb09b5c49dba4e0e2ddbcdce640cb8c10b9c2c41156
Proof of concept exploit for Realchat version 3.5.1b that allows for user impersonation.
f4c1139cfee6a3ba25b5722799f246a9759ec17aa2936d739329ab923d7ffe9f
Urban 1.5.3_1, part of the FreeBSD ports collection, is vulnerable to a stack overflow when handling the $HOME environment variable. Since urban is installed with setgid games privileges, privilege escalation is possible. Earlier versions may also be susceptible. Proof of concept exploit included.
b4fa91cfa2c177e64461bac4e36029a755502d986f5de31f6bfe695b11b11cb7
Open Webmail 2.41 is susceptible to cross site scripting attacks.
93ea05d29c12a308bbb9e008504aac101b3c0d0d4be430fd8246c908adafe22a
MidiCart ASP Shopping Cart, evaluation/standard/pro versions 7, are susceptible to cross site scripting and SQL injection attacks.
506319fb974fb904b22b77946fbfc9a8bcc55cd7e82544174c57fbeedc98c389
UNB 1.5.3 suffers from a cross site scripting vulnerability.
bcdfab728782930cc3fe3a6725314f4a5cd5506229d2ec320472965ad0e0384c
Cyber-Cats ChitChat 2.0 permits cross site scripting attacks, allows for user launched attacks, permits insecure file deletion, and suffers from other vulnerabilities.
bc678c07887a690d894b31d8adac6732edf83b236bee11457c029622a54e1439
The FileZilla client stores passwords using a weak XOR 'encryption'. The value of the cipher key is static and can be found in the source code. This vulnerability has been successfully tested on versions 2.2.14b and 2.2.15. However, it is suspected that most previous versions are also affected.
637a74e948d0d2743a1666cf0c8f157510b94187658ebc3cb5fd4b191d073685
Phorum versions 5.0.17a and below suffer from multiple vulnerabilities. These include cross site scripting, session hijacking, and insecure creation of client cookies.
fd582ffea9a21051966c9c345b65387b1f491e38c0f6dd3710128bf72d79ec31
Multiple vendor web scanning utilities suffer from script injection vulnerabilities. These include N-Stealth Commercial Edition versions below 5.8.0.38, N-Stealth Free Edition versions below 5.8.1.03, and Nikto versions 1.35 and below.
5d0cd9d18bf2bcdf2c6d9c6188b8e53f8a16bdf7b1d3e239bb9c4656783da2e8
The Barracuda Spam Firewall Appliance firmware versions 3.1.17 and below suffer from directory traversal, remote command execution, and password retrieval vulnerabilities.
42ec53e2eb500afc8a902f37140fda794ff5018657eb32d4ce443924ae4d2560
frox is susceptible to an arbitrary file reading vulnerability.
f1954b09f95e3629bbbf09478eac712f065089fa823d8803b13161873d5677c7
CMS Made Simple versions 0.10 and below suffer from a PHP injection vulnerability.
eaaf1cd11086529c82349e0c99e89249a1e49ad61de9bee0d83756d952c573c5
Symantec Anti Virus Corporate Edition version 9.x suffers from a local password disclosure flaw where anyone on a machine can view the LiveUpdate password.
3602a1f8789a77097cb106d03d1fca95de7f9729820526784e1224d3b004dfd0
The Greymatter web log is susceptible to cross site scripting attacks because user input variables are not sanitized.
9a6ac05247565679ec98478e7fec51b5f488f164937081e3e2464140497af458
FlatNuke version 2.5.6 suffers from directory traversal, cross site scripting, and path disclosure flaws. Detailed exploitation provided.
d101583d43549fbc086e9bb7640143fee06c21385d6fb8f4ae7bbb4c27f919da
Exploit for cPanel versions 9x and below that takes advantage of a remote command execution vulnerability.
6e74cd53627a40348b129b2f8f7c66f2eb17564e01d5469e32a0bb3e9bcee9c5