Pixprod suffers from a remote SQL injection vulnerability.
4f14da5e2eba7ca7a8a87f39094df5b3d376593cf4a135c3881900789951bcc1
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5
A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538
A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.
07ccc0d9a68de349319a1eceb37a6094b2810ad1e924bc4870669646a7b55753
An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.
b4a29e3964e1d7bd72995d10043cf6c74cf999a044fb3fe26884221a0473da93
PHP socket connect() stack buffer overflow proof of concept code.
6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9
ExtCalendar version 2.0b2 suffers from a remote SQL injection vulnerability.
a974fb64b525dccafa700ae21ce599ff3b55f0bc16632feaf5ecc4351c58d005
The Joomla Shop component suffers from a remote SQL injection vulnerability.
5c1c7436095eb4f29d0aa7816ab894e560cc003e2fd802174240f3410ba875fc
Gadu Gadu suffers from code execution and cross site scripting vulnerabilities.
612de9e01fb3921205f432c253275a1342b0c96c78cbdfaa821e87c81d36a69e
MidiCMS-WB 2011 suffers from shell upload and local file inclusion vulnerabilities.
208ae1ecbeafba74477bec78c0fe421408df5ffb73b5d5c458d19fba8d13b108
phpScheduleIt version 1.2.12 suffers from multiple cross site scripting vulnerabilities.
5db247863aca225f49b9243807c5dc59e5a3bc6b60f4f9d1fa36ad4b3787f23a
Ajax Chat version 1 suffers from a cross site scripting vulnerability.
7c4c8b263ac25b470d2fcc65c9497d70fa344da56160fcef220629ef9e0be30c
This Metasploit module exploits a vulnerability found in VisiWave's Site Survey Report application. When processing .VWR files, VisiWave.exe attempts to match a valid pointer based on the 'Type' property (valid ones include 'Properties', 'TitlePage', 'Details', 'Graph', 'Table', 'Text', 'Image'), but if a match isn't found, the function that's supposed to handle this routine ends up returning the input as a pointer, and later used in a CALL DWORD PTR [EDX+10] instruction. This allows attackers to overwrite it with any arbitrary value, and results code execution. This Metasploit module was built to bypass ASLR and DEP. NOTE: During installation, the application will register two file handle's, VWS and VWR and allows a victim user to 'double click' the malicious VWR file and execute code.
3771df4f4d30f18e8cb453cb8d601bc178761d31e4917dee0ed0a0b741354001
A local file inclusion vulnerability in i-doIT version 0.9.9-4 can be exploited to include arbitrary files.
52a9b9169ca306d800de413e011278eb8a9c4f4505cb2feb9cfbf83548157563
A reflected cross site scripting vulnerability in Kryn.cms version 0.9 can be exploited to execute arbitrary JavaScript.
213e1323be07a09911ac491c2a360c8e3bad5c1e89cd12449b9a1f9e958cfdb0
A reflected cross site scripting vulnerability in Mollify version 1.8.0.1 can be exploited to execute arbitrary JavaScript.
bb09a4697999e438ef9324e2a4aa75ff6e9e12abebe784e104208832691a00c6
A SQL injection vulnerability in Tickets version 2.13 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
c431ef63087479c5f7cef25ab0f5c57198520d1f22a0d80a8bb9f499614666e5
Drupal version 6.20 with Webform 6.x-2.10, Drupal version 7.0 with Webform 7.x-3.9, and Drupal with Webform 5.x-2.10 suffer from a cross site scripting vulnerability.
86969780e0c29c50c061717a7410ebf22550a712b72b091795725d2c804bfc1d
HP System Management Homepage suffers from multiple cross site scripting vulnerabilities.
99f2488279fb151519b0edb33eb7e2752234eacfbf392e7175fe011728ee9565
ChromeMedia suffers from a remote SQL injection vulnerability.
01493938394e0b17f9e89ff245a6bfa7e5bcfbd008998c2a913637a23baa26aa
DH Softwares suffers from a remote SQL injection vulnerability that allows for authentication bypass.
410b2c17a9e708f0ba5f04f886bc84eb163b11c3129e8b82fc0d61d17b0fc02d
MyLittleForum CMS version 2.2.7 suffers from a cross site request forgery vulnerability.
14e6e66435a53833bcda7aa41eab9b80dd510a2288bbc2e34a9840ac5ba5d0fa
PHPortfolio suffers from a remote SQL injection vulnerability.
62dc4a80e02ffb18337e7b79c68167703140c2feff8678668e1f9ed4f374a26d
Ciphertek Systems suffers from a remote SQL injection vulnerability.
3258da923af890f689cd8b8f1db4a4d9d287ebe71e2675a290e4ffa4e84c938a
MODx Revolution CMS version 2.0.8-pl suffers from a cross site request forgery vulnerability.
045fc5d2aee5d4ef3cf85cfc1b2dea4422aec2b42af4c158ad0506ddb66aa488