XLAtunes version 0.1 suffers from a remote SQL injection vulnerability.
dde38073e344100580055755aa76a796711601591b76ad13cbc59d75f627cfdf
PHP-Nuke Module Emporium versions 2.3.0 and below remote SQL injection exploit.
00f09aff0f439324690fefd55611957bf69bccc9fdea1046715f9242abd18b50
ProFTPD versions 1.3.0 and 1.3.0a controls local root exploit that binds a shell to tcp/31337. This one works for the 2.6 kernel series.
e0a4c6200d855daaf07102fcb5e84b2ce34bf9775307a3c4ea16a0e2bec9460d
ProFTPD versions 1.3.0 and 1.3.0a controls local root exploit that binds a shell to tcp/31337.
62ebb6b9d642bc1e0e8688dea06dbc7bbe61c1d6177fa589d23cb7b06aaaac39
Axigen eMail Server version 2.0 Beta format string exploit that binds a shell to port 31337. Not tested.
d4dfadea56d28688f25905704c1467b0799e27dc364b287d7e13e9b502f81617
Mail Enable Professional versions 2.35 and below remote exploit. Binds a shell to port 1337.
e0d2bc41213f8df344b05c9e1cb7d29e08fa9991918f5ed0988151e5dba195bf
Mail Enable Professional/Enterprise version 2.32 through 2.34 remote exploit. Binds a shell to port 1337.
1f224f2f0cc7562a879bfed65a13fe325aac84ab7363a3445e180ebe169dab82
Ezboo webstats allows direct download access to sensitive files.
98b971822d83371daf9e1ac87f57779dddec2f1b9466acc9bd00b32bce1b5101
Dem_trac allows direct download access to the system's log file without authentication.
0a6ee88fe524abf3237707f4d054281e61b1be6a067851da17ec3b1e5cf68970
CedStat version 1.31 suffers from a cross site scripting flaw.
7c369dd26b74e39e355b50e8e14bfd987b7e85fe167c1a3e059f17026773fa54
Deskpro version 1.1.0 suffers from a cross site scripting flaw.
98388b8272f65311f0f7e0e76cab765986f7bad634587909c97895657c6e47c8
Calendar Express 2 suffers from a cross site scripting flaw.
4cd8e3c4c7d682bf25243c763aebbe13a15f3a74ceb537e15ea4ed2e36b77ec2
Lotus Domino versions R6 and below Webmail remote password hash dumper exploit.
ad22d459010ddc2813609f50832c4ec30e103ff1c2e8748027b6e972b7278f8f
Portable OpenSSH versions 3.6.1p-PAM / 4.1-SUSE and below timing attack exploit.
f25691280caf5c0610c2c430c5e76c98a08e326e070c34a498599bbe58fdb48f
Jupiter CMS version 1.1.5 suffers from multiple vulnerabilities including SQL injection, cross site scripting, local and remote file inclusion, and more. I think it should be a do-over.
29e4e1338ce8216c5004ac09b14b7abd2b0eea6f1b8b9af2df13bcfda27ab063
MailEnable Pro/Enterprise version 2.37 proof of concept exploit that makes use of an out of bounds memory read in the NTLM authentication routines.
8232149536e1a3a79572b4f8e18e033b75359eb3dae51b2236c5f1c0d6873713
MailEnable Pro/Enterprise versions below 2.351 proof of concept exploit that makes use of an out of bounds memory read in the NTLM authentication routines.
0eb226440d272dd7b50d84b1d0e45df785d10d57377fc564492aed8c271a5494
Fullasprite Shop suffers from cross site scripting and SQL injection vulnerabilities.
8b4d6c7d3207f56842ddc881b543ce27ae0c485daacf664de9dfdcd194b7c26f
@Mail suffers from cross site scripting flaws in search.pl.
cdf13de4e84068e74d685d8467c21e617c726c0f6d643e8f86bb79615577b91d
Inertia News version 0.02 beta suffers from a remote file inclusion flaw.
86b4496ff2beecf1499ff97f3f99f09b4c03c0f04e5f9a01294ebd744318d8ab
eWay suffers from a cross site scripting flaw.
68e5cef611ac34292088eae37b7bbb98b404977121d26f4011f8db918b457bd4
www.splinder.com suffers from a cross site scripting flaw.
6c042b9b540a40ea9a4fff8746e2e01d18701d9c89da1d6dbc86aa648cc5d4d3
Raditech's Portal Search suffers from URL redirection and cross site scripting flaws.
4e870c54f6163a70cd45f4f54c1408c2ceb18c69c84e3d2741bc5f8e6790d1fa
Miniwebsvr version 0.0.6 appears to be susceptible to a one level directory traversal flaw.
e4a1d7d3b80e79f93838d2c8f59e236705a2a65ce62953485b6d42a12fec6fa1
PHP RRD Browser versions below 0.2.1 suffer from an arbitrary file disclosure vulnerability.
28ed47f78f884651caee9b78a4633b35de6589214231d8d99dc0548005a1ef66