Advanced Guestbook version 2.2 suffers from a SQL injection flaw in the username variable. The SQL injection flaw for the password variable was discovered for this same version back in April of 2004.
f61e489b60efad5c4eda08398798cbbdef01b872ac38d8958e369bbe80739c1a
Hosting Controller is susceptible to cross site scripting attacks.
9177f651653cd03b8f7050039aa7280d2dcd1416da8d49e0127f4f47d917a413
Proof of concept exploit for AppScan QA versions 5.0.x that stages itself as a webserver and exploits a buffer overflow via the WWW-Authenticate header of a 401 HTTP response.
8e6c615c470e86daee1e69fc755f9f8e66eaf7382354ecd5c7fd8dc9c81e3cba
MarmaraWeb E-Commerce is susceptible to cross site scripting attacks.
130a2bb8c6d6b20e69d733c3c0bab05a1aea9a1cdc1bd7e972e738d868d97b69
LIMBO CMS versions 1.0.4.2 and below suffer from blind SQL injection, cross site scripting, local file inclusion, remote code execution, and other fun flaws. Exploit provided.
4d7f73b2b9ce04212d8673ee53a09e830c0b56830ddc389c64f6db002b24cbb4
IBM WebSphere 6 sample scripts are susceptible to cross site scripting vulnerabilities. Details provided.
9e09a3297b7ac63c5723f042e60e68336089ae1baa79a68fb8a0de87ed180f05
PHPNUKE versions 7.9 and below suffer from a cross site scripting filter bypass vulnerability. Details provided.
b822066411260c1bad7f9ab633bb20601f987a203ef129643115c960a7336b8c
Microsoft Windows Metafile (WMF) remote exploit which takes advantage of the bug known as ms05-053. This program creates a special .wmf file which crashes IE by overflowing the "mtNoObjects" header.
8a69e2857d794a4dbba1f6eb8fe50a28af6da1e116e413522bef8d7a68279195
Counter Strike 2D denial of service exploit that affects versions 0.1.0.1 and below.
cb1001e86d9a7f9bccd81b9253e0b87ff9acbce3407259d4304e537114d3c854
This Metasploit module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will not be displayed to the screen.
d646fce74ad83e7e6272baf588f3dee72965b9ac4d3228c55902d45feeb20878
This Metasploit module exploits a stack overflow in the authorization code of the Oracle 9i HTTP XDB service.
4f4b1da5eb055a4a7fb509da7b708e276fbf6eb7e21f623f4d5f462f7c6375a2
Proof of concept exploit for Firefox 1.0.4 for the InstallVersion.compareTo() vulnerability. Needs functional shellcode to work.
1ee1c947181c895864e1192cc8eba3c0c8fee83ced31bcb342f003342522e9b7
ADP Forum versions 2.0 through 2.0.3 suffer from a direct download flaw that discloses users' password hashes.
994153cca5049cdb9d666d542a704146567edfd41e3d7d5c0530e89ca29a65af
PhpCOIN version 1.2.2 blind SQL injection and remote code execution exploit.
e6491b9115632445f1126b4ada53cf24b74da78938376be7c8910c4a2dd5712a
PhpCOIN version 1.2.2 remote code execution exploit.
530d3b16ddc3460e10120364301c0eaa44d6ac142a89ea0f60a8aebd1f7a7f58
PhpCOIN version 1.2.2 is susceptible to arbitrary file inclusion, blind SQL injection, and path disclosure attacks.
ccf829e31e902456ba3a368066bf407b79e58fa4c14c4e4c4b37ec709e45bd34
The BTGrup Admin WebController script is susceptible to a SQL injection attack.
b719868fda75ccd00a066f7b0e6d235e7c927652ad88980c526e0c0fdd2c7e0a
Direct download access of the setting.php file in IMOEL CMS allows for disclosure of the SQL password.
5a036ecf1cada1215eb1d1841f9db1825d1b5e76ddb379b1d75ba669e51bbb2b
SEC-CONSULT Security Advisory 20051211-0 - Horde versions 3.0.7 and below, Kronolith versions 2.0.5 and below, Mnemo versions 2.0.2 and below, Nag versions 2.0.3 and below, and Turba versions 2.0.4 and below are susceptible to cross site scripting attacks.
c971b6b1b86188e28d857b6287052b9a960d81bb8b8bd7a342c6654bae0023c5
Arab Portal System version 2 Beta 2 is susceptible to SQL injection attacks.
8ed542c8bb2e68c258ca9db9f331286de134518d34e2f75051d1229618818683
MkPortal with SMF forum is susceptible to a cross site scripting flaw.
07ddae4cf44667caee7686ee02625360231af132193d53ab07005122af6fcff2
Blackboard versions 6.3.1.424 and 6.2.3.23 (and possibly earlier versions) are susceptible to login bypass, spoofing of announcements, and proxying flaws.
331a49af627787883419c0c9e4460b5e8ad05d06e93206251a257c4c6560b7f4
Flatnuke version 2.5.6 privilege escalation and remote command execution exploit.
25dc4a2e2a4d20de1336f594f2ac821a8a7f71669a46f73405a64777584cc7e2
MilliScripts version 1.4 is susceptible to cross site scripting attacks.
e231cd1c693f770d8da728ef294316ce1786e3778a07d6a5e8e480fd07fe33f8
Simple Machines Forum version 1.1 rc1 is susceptible to SQL injection attacks.
fd048e492eda40c3d6301b7ec2d684adefb8d1c98ef0a539b0d176e3ac246fc0