WeBid version 1.0.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
0bce39b5bffc7a4bc13046662ad8b39b8fab588076ace249f26f92528f70f715
This Metasploit module exploits a use-after-free vulnerability in Internet Explorer. The vulnerability occurs when an invalid object tag exists and other elements overlap/cover where the object tag should be when rendered (due to their styles/positioning). The mshtml!CObjectElement is then freed from memory because it is invalid. However, the mshtml!CDisplay object for the page continues to keep a reference to the freed <object> and attempts to call a function on it, leading to the use-after-free.
b32377ac3beaa1414985310c6140cd9cbefd81ce42b9a9337bf648771c0e9476
Catalog Builder Ecommerce Software suffers from a remote blind SQL injection vulnerability.
3df96bf5d62f699c6baa24fc854ff38e301e72d6f21d5b4ca4a33470d1ec10f4
German AD-Free suffers from a remote SQL injection vulnerability.
2f32c4704950dcf266779f8c67db34ff86684399f3f12c1ae208702d54cbd686
Core Security Technologies Advisory - The administrative console of IBM WebSphere Application Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform unwanted actions on the IBM WebSphere administrative console, by enticing him to visit a malicious web page. Versions 7.0.0.11 and 7.0.0.13 are confirmed vulnerable.
c5935cba98df6fe3be07143a413aa1c7d1b1b171f7643b662db9f9dff22ce27e
Boybdream Shop suffers from a remote SQL injection vulnerability.
3883c1aaeb4f120c3da6af09888136221af6724ffdeabf928c1e93621a7cdaf9
BeVivid WMS suffers from remote blind SQL injection vulnerabilities.
15b15b7f28474bb6603bb5e824386ef856f5d961e9818c0d9c7ce5608c1a94ab
Free Simple CMS version 1.0 suffers from cross site scripting and local file inclusion vulnerabilities.
fac147387be53cf36a5687dfa3256cc2c8681237448aa792693644fe4bd61c25
AMHSHOP version 3.7.0 suffers from a remote SQL injection vulnerability.
e0879ae255ea343ce1b420146ed2b5fbffb7b8a0820861b78b6199faa529d31e
Gogago YouTube Video Converter version 1.1.6 suffers from a buffer overflow vulnerability.
a8e7476b1fa45772eef93c121c447ff805b723e82f590b95bf69176acd606937
Core Security Technologies Advisory - A security vulnerability was found in the driver 'vmswitch.sys', associated with the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is that all guests on that host become non-responsive. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability.
91762eded6d6cb85d92e2b2d56180960888179b29b556d5094c71c5746715573
The WordPress Wysi plugin version 0.0.2 suffers from a shell upload vulnerability.
8d9e486111ef64c9e44b4735f860662342db16afdc037f7b4f8a2d7a59a04007
Infopublica Solutions suffers from a remote SQL injection vulnerability.
96883a882fa9a9d86380171a96ad677d61721fa56762bf54a327ccd9d402bfe2
vBulletin version 3.x.x with the vBTube version 1.2.9 add-on suffers from multiple cross site scripting vulnerabilities.
e7f22f85242668c8be470d27ff17b6110ad159892ef6a775b8c5c662c0fc2ff9
Proof of concept denial of service exploit for Windows Media Player with the K-Lite CODEC pack.
26133347e03447d3d2e2d73f9d6939ab76ee3ad49c5cfc96136f6cbc5bc695f8
CubeCart version 2.0.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
988a9c3a3598b0fae75a81847ac6d209b66747f1353950e522e2dca81f228937
Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability.
5605a7900ae46fcd7c6417e203f5ed51d69bdc5e60c926f300ac380833c937aa
PHP Nuke version 8.3 MT suffers from an arbitrary shell upload vulnerability.
181c0fcc602b1deb943f8fdeb52a8071760462be19ecfb091d5e21fce82afd2c
Vitaminedz suffers from a remote blind SQL injection vulnerability.
b6e3107bd47facb38e4641043cac3190a5677f7807ed93479482b8529cb9bbf9
Microsoft Lync version 4.0.7577.0 suffers from a JavaScript insertion vulnerability.
9acd1aca4807a7c979ac9855bff7008e1cc076bfe2053fcb09c6116d049ef43d
Technofact suffers from a remote SQL injection vulnerability.
35da100d665874f66ccdc76228dbfb685e6d20a5480848ce5fad0ee92c007c87
Web Application from Site By Wapps suffers from multiple remote SQL injection vulnerabilities.
0926f0d36a2e55d88c1da6d9d937205a25aa30e31c182361a61a3d848279507a
MGF suffers from a remote SQL injection vulnerability.
295783e50df681bff1aef24000e8ef3fec57383912b9bf79e07a36243c6d03a3
CyberScribe suffers from multiple remote SQL injection vulnerabilities, one of which allows for authentication bypass.
96d942971f20795194b658222aec09900cee4b458b7f27034bc4247c88aac75c
Athollsweb suffers from a remote SQL injection vulnerability.
e37d712df6637b966e55d2cf9e9a7d7853d6a66019e64af337a9117ea40ca378