Toko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.
1e375defb0b70ff576bb4ab30105128e41f023f56c06f5adc032a0786038ed7c
Aspgwy Access version 1.0.0 suffers from a cross site scripting vulnerability.
78db463e58965c529a5c4a6614d17333f3c19ce080b1a06db7603e8385da93ae
WordPress Filedownload plugin version 0.1 suffers from a file disclosure vulnerability.
7caf8797e03a291467364c0a1cd9e428d63613b9a7870a60ea2e99e43d1090f5
KnFTP version 1.0.0 buffer overflow denial of service proof of concept exploit.
c8dbba0550733b7b64cb6fcc1db09bc11f418b3fbd9cb4822b7d529e0ff3a3f3
WordPress Count Per Day plugin versions 2.17 and below suffer from a remote SQL injection vulnerability.
13411fc482f31ec413a312166f4d200c9694acd983163be252b527555f7f53be
Crea Boutie Pack Pro suffers from a remote SQL injection vulnerability.
be2883477e9a10271cfb2d27b81464e931af4d547ee874ceef536539c10cf9b4
Car Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. This is the same vulnerability that affected version 1.0.
b81d1ba1dfa5f5b4abef4f68cf9938f66968aba574bf0980b51df453711c74a0
Gocommerced suffers from a remote SQL injection vulnerability.
ac58034dc5ee533d56b1631792312f1f176fe4948b30ab27b8d3264bc6b93913
Asp Basit Haber Script version 1.0 suffers from a remote SQL injection vulnerability.
281f3148cd8070695b7c5c5173f62525cc90b0bbe3c9488308af102fbf0ec75e
Evidalia Web SL suffers from a remote SQL injection vulnerability.
728d0e460ebe21bf1be2fa6456a0431f31ee1417520e8d755510f9bdd5e12f59
Gap Infotech Team suffers from a remote SQL injection vulnerability.
0c533653c8f4f325211b46563d50b92350ac07b7c88efca7e10fddc4159ddb74
Ayco Resim Galeri suffers from a remote SQL injection vulnerability.
2a43eb8a26e24822918c2d627e91acf86d45a50fb539d8fba37894531a9d7c03
Ayco Emlak suffers from a remote SQL injection vulnerability.
f8bce656a88e6f072ea08c8693bc9c35408a509bd88b81b3c2a079ff6b47e6c9
Ayco Shop version 1 suffers from a remote SQL injection vulnerability.
4201607e8da71b96f886977104a9a7448011c0dc9aff47e895ced50a3ca620ad
JlWeb suffers from a remote SQL injection vulnerability.
38b0b10c7ef3e1a4d29db9ba17f815ab72c315e078fa5c1e9cd493adde76faf5
KnFTP server version 1.0.0 remote buffer overflow exploit that leverages the USER command.
ad1af12d60d187a995b54043229d49d25f922fbb2e08bf4d92ad939e4049bace
iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via the GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
649c0e5f670adcc02d2f48ac41bb3b9dbf1473ba6e21da4a9bebd40f9b3f7896
iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via the GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
4c4c2b763221737d36a6acfffd6dbb477bc08d64d63061a263200f70c4504d7a
iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
2107ed08679b3cadf3a5612f0068b8a88d9524b1ecc47a00f4761fae255d7405
iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.
63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090b
PunBB PHP Forum suffers from cross site scripting vulnerabilities.
d8d3793a6fcf75cc7f7df0ecb723320bdd09dc088958cdb60f390cfd39f87be9
This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.
802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792be
This Metasploit module exploits a heap overflow in RealPlayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment, this module exploits the flaw on Windows XP with IE6 and IE7.
cce2bc3fede3c402a04087782f79fa183476cf2dbb4148275dc851a1d3272199
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
e57c5d7bb2afa78df530127adc494c09c01ecf0da39129aaa47ac10c126368d3
iManager plugin version 1.2.8 suffers from a local file inclusion / file disclosure vulnerability when input passed through the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.
d0cf4e6a0566ee44420d01dd97fde3f21f7a6d484e9d9448f4b1f6a0c32cc43c