ManageEngine Service Desk Plus version 8 suffers from a directory traversal vulnerability.
4f147a402469540bda70a2d4460e60ce17cdd395e97084b88ed6877689a53c33
Kofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.
3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352
FanUpdate version 3.0 suffers from a cross site scripting vulnerability.
8aa6260c4a3817754f9c4fb660d63880ee97da901ced7c5af5b923f779758630
iSupport version 1.8 suffers from a remote SQL injection vulnerability.
2b710744b5d40ea4085cc2528feab9d2b8211d10b452dac2c9cbbb977f110275
BrewBlogger version 2.3.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
9e5309251f26557177e8598963e20674f5b3b572bee9a84c821b9eea97682ff6
This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114b
This Metasploit module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.
ad560ed7c2b5c2b085b3af27e95252ee83dd229a20d5349ee20068a8929d360f
Sitemagic CMS suffers from a directory traversal vulnerability.
6b480a073a294ad63da8d569a12e8ffa57a5e07c8a301358a24e317656464735
The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.
dd1e9c94795aba4ffecf00c4d23acf69a25e54a0a279d3b90a3b780c202eb617
Sitemagic CMS suffers from an XSS vulnerability when parsing user input to the 'SMExt' parameter via the GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
8e9bd0f1156742f2d83faa0606fca5304a8e3b055624c9077f24c1a8e274c310
This Metasploit module exploits a stack buffer overflow in FactoryLink 7.5, 7.5 SP2, and 8.0.1.703. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by Luigi Auriemma.
180a8907d61d69a4ded59759afdcd03ea9f1757008b99fd69ef2a1c78f4f6f23
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then uploading a second file, a MOF file, which enables the Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9d
Blue Bison Script suffers from a remote SQL injection vulnerability.
7880a3ca3557c50dac2f14276792af3c24e1534ae07085756946b9256c400508
EA Sports aka ea.com suffers from a cross site scripting vulnerability.
2de1463eb99e58c2c78410d7068ed00f86ce8bc9e7e49e6c254af72e509df958
If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.
54e0d5a2b5475f09684e3d5e161e928ef2258de0b02c152c7f1fffea225f343d
DreamBox DM800 versions 1.6rc3 and below suffer from a remote arbitrary file download vulnerability.
9903b5996d825cd58d3ca550b02438e32094e98f800883c5f8767a40223d9173
XnView version 1.98 proof of concept denial of service exploit.
fa100ee8b79f5fb0993035b6b1c6a7e65a6470c5a1875b1e5858ec2c67f26a4c
WordPress WPtouch plugin version 1.9.27 suffers from a URL redirection vulnerability.
f8562a4052d763ce8f06be98cb6f666931c4d1ca5979a972efdf6d7356ddd647
Netclues Script suffers from a remote SQL injection vulnerability.
7466898a8173b4a6fb7bde676af273b9ffb156a034decea427209d212c0f256a
This Metasploit module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
865b5dfcca02d2a6aa7a695fab5ecd9bed1fd762899a653cfbd3f158ed37c831
Black Ice Fax Voice SDK version 12.6 remote code execution exploit.
b74e8d9fa16afc7c5be868647ea87134dbc15594a5e17358904cc7728f7d2012
Sites designed and developed by Websitesforless suffer from a remote SQL injection vulnerability.
704b2ff619fb0ca688b25b26b38ee4879707069293e87386769068946eea8a6c
KievShina Designs suffers from a remote SQL injection vulnerability.
25451833c3581be1ba00d7a08b2a6337c53b0df11201d10314d6f5a2b6323977
Sites owned by Time Warner all seem to suffer from the same remote SQL injection vulnerability.
7d0cd865ece7e4f89ead8ca54d236b8177481b0c9e9babfeb8374961805c5119
EssentialSoft Sales Force Automation Systems suffers from a remote SQL injection vulnerability that allows for authentication bypass.
27ce6d8c26ec03e95b0df00e1d7092bc44217f3c5d9e27a494d26594ab3df74b