Local root exploit for BitchX. Note that BitchX is not normally setuid by default.
15287501f0909a92ceef2b952590a8030acdd609f74bc714559cd9bb0c867974
OTRS versions 1.x and 2.x are susceptible to cross site scripting and blind SQL injection attacks.
29a93f181ca50c41c945c33f389fbc58031fd5070257f52be573f16df9624226
VHCS version 2.x is susceptible to cross site scripting attacks.
a64c886730a27fa7f9e5d60cb54bd223035aa6ac5fd5675faa7317d401c18841
PmWiki version 2.0.12 is susceptible to cross site scripting attacks.
bb96806a02efeecb8751569e66d53ea1c75ed55feba3ba0f94f4ddad337c08d4
PHPP version 1.0 is susceptible to cross site scripting vulnerabilities. Exploitation details provided.
9f0b93533446c6334581e450749eed571af105c4644900f436f6f35f2981af5c
Remote denial of service exploit that makes use of a blocking feature in Cisco PIX 515E OS version 6.3(3).
7c07d9ecb298f2f95f46e5e969afcb9cb1a27c7b2e68bc042e1e63fd45406c5c
Torrential version 1.2 is susceptible to directory traversal attacks.
c7bf8e3081823b5976ffb184e97f79a21ce20602f215062939de5c7fbd892b2e
Proof of concept html that demonstrates the code execution flaw in the Microsoft Internet Explorer JavaScript Window() vulnerability previously considered to be simply a denial of service flaw.
617a8516e87cb9951f301659df5d7232892ba0344c9836a98fce3a000bf703ef
Nuke ET version 3.2 is susceptible to a remote SQL injection vulnerability. Exploit details provided.
6e87a2b4b8c3d665df6e02aeb92a7b4544566df507f4204295d374396fedcca9
The Google Search Appliance allows customization of the search interface through XSLT style sheets. Certain versions of the appliance allow a remote URL to be supplied as the path to the XSLT style sheet. This feature can be abused to perform cross-site scripting (XSS), file discovery, service enumeration, and arbitrary command execution.
37203d5c09bcf28fbbeab1859e32e21af017fb6069bd81867fadf9f42db4c6f1
APBoard is susceptible to SQL injection attacks.
c4a8b432f7e2718cab35efefc1c337b2c82a91e0a896aec9b7cd4861e85ca252
A flaw in Google's G-Mail system allowed anyone access to any mailbox.
13920fad28ecea1955b62c9880eee1f35a5562d14beb8983db8ccbe96c6896e5
Versions 1.5.3 and below of phpMyFAQ contain multiple persistent cross site scripting vulnerabilities. Exploitation details provided.
1604f67bacec514f508f5c7fc8b04b4dd59120438f0d160be0c7d0947450916d
ExponentCMS versions 0.96.3 and higher suffer from multiple vulnerabilities including cross site scripting and SQL injection flaws.
0e37e6100c4a811fd37043b68ef1990fb601a7fe98d28e1341cfc5d8a760dff6
Almond Classifieds has a validation flaw that allows remote attacks to edit classifieds of other users.
c2ea57c499f9b5d4f1dfc11fed136b3d188aacf69abec3c897afadb9253456ba
ExoPHPDesk version 1.2 is susceptible to remote code execution attacks. Exploitation details provided.
0fe620751940edd520eb7465d4674eb9fc92ce0c1f7953ab546c197a9ae44898
e-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
c0917d9be89c6bc5d4582e3cd2501515dc90fef1c4bbd7dc0cd3d650bec70897
PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.
5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0
iDEFENSE Security Advisory 11.17.05 - Remote exploitation of a directory transversal vulnerability in Qualcomm WorldMail IMAP Server allows attackers to read any email stored on the system. Exploitation details provided. Tested against Qualcomm Worldmail server version 3.0. Other versions may be vulnerable.
01a2547672aa0a6bf533fe4063a9e2b47e5039c817eda96685045473de319554
This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
7094ed083e302ef685862bc36e8a4e257722a626bc842428e2cb88d10634019d
This Metasploit module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
82f85d75854b75afe8ab87082e0ea3e4d896a30bc0feaa556d1fd14f8dfcfc5e
Proof of concept exploit that generates a flash file able to produce a denial of service condition. Relates to Flash.ocx.
01789d31ef803e09d39f628f47de0dae1c6fc6b70fc2a37c64a85527961cbe23
FreeFTPd remote USER buffer overflow exploit for versions 1.0.8 and below.
8da2a5f3da96fa0cafbeead497312b5e06fcdbd17ce4badd50add24f1c732a7c
EKINboard version 1.0.3 suffers from SQL injection and remote command execution flaws. Exploit provided.
37aa21917625c66e3b965ff58b2a35944062c2cd2172cb40043662cf6e8ec5ae
KAPDA Advisory - XMB version 1.9.3 Nexus (Final) and 1.9.2 Nexus are susceptible to cross site scripting and html injection flaws.
297f8291e00f8750c205028ac1f0e9e23651d985c7c5fbfc6d74a6faf8f0d6f4