WebSkinz suffers from a remote SQL injection vulnerability.
c323f211d653bedde9efd56a560f8ab5ee6d481a27de0f4e5f477ebd1bedcdee
Cisco Nexus OS (NX-OS) suffers from command injection and sanitization issues. Nexus 7000, 5000, 4000, 3000, 2000, and 1000V are all affected. MDS and UCS are also affected. Local access is required.
47ed64acbc222f10e010b71d8e52e2cba99ae9f8d77b045062214f7a5253578c
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
631d430623b1bdaf08c10284315fb2752c47e9e4c998de80b05ea83f243e5517
This Metasploit module exploits a stack based buffer overflow found in Cytel Studio <= 9.0. The overflow is triggered during the copying of strings to a stack buffer of 256 bytes.
54cba2669ee78e390a6c7b20623fad6a9b5c9f2f49e59b8a55adc94afd84b482
Core Security Technologies Advisory - When the install script for e107 CMS has not been removed, an attacker can "reinstall" the application using arbitrary parameters. If the attacker puts a valid MySql server followed a semicolon and PHP code, this will be executed when the config file gets requested. This parameters are stored in the config file "e107_config.php". Version 0.7.24 is affected.
f1aa6364a9b7aec87affa0e57cc0ec5d09d69d9a12a32fe5e884c8288d964039
InverseFlow version 2.4 suffers from multiple cross site scripting vulnerabilities.
6d58621745c9445aa8e48b328ff3f2cbb28a3eddc45c49e3963eefaf7b723404
Black Hat Academy has decided to go open source with the Bleeding Life 2 exploit pack. This is an exploit pack that affects Windows-based web browsers via Adobe and Java.
36303b4d6d25064a2ca162802f5dd9c42e121666c9a8518b0f3c3041b3c36994
Jara version 1.6 suffers from a remote SQL injection vulnerability.
3ac5e3f7dc5549c45c61f724ceee2c7a6f2db4dd11e0a70d05bcaded181744a9
Rinkya suffers from a cross site scripting vulnerability.
de4fdece5dffe8f098690c6026b3e330848de2599c45b9b2872be49da80d375d
phpLDAPadmin versions 1.2.1.1 and below query engine remote PHP code injection exploit.
6fb07afd579e5b0523100f2b0fc138c68c62c528e99fe2059b04a97bb6870ffa
Caleidos suffers from a remote blind SQL injection vulnerability.
25196410a12cdb1b9499a11d0c0044d5c9f47e51d0cce0aab629e56ee74bc3be
Google Chrome thread killing proof of concept denial of service exploit.
23f7ea69d7420ad20b2b0c67672eb28ea0971480330bf554eea22a6e224d964e
Open EMR version 4.0 suffers from multiple remote SQL injection vulnerabilities.
115ccc61323b5f3e6518c7a2084a9bd363254a02e7ef505592e749b25644dfd5
Cyclope Internet Filtering Proxy version 4.0 suffers from a denial of service vulnerability.
88e107c4bd84cd131ab1004d7397c57eab86ce2aa642b91196f8730223d2e824
Sports PHool versions 1.0 and below remote file inclusion exploit.
c9a5c128ec7ff9c3d7ec7c6edb9409f77c5343312821b394125b2666c39bb2b6
WordPress ThemeCity suffers from a cross site scripting vulnerability.
480a0862d20875300617c3117d32f28a213fe2b504fccb44353af5cad6b61d1c
inCommand Technologies suffers from a cross site scripting vulnerability.
dc4746b27e2df90e6a39ca95395e5cc14bd1078f7b2ede898c0defeb07d1f3bd
Radius Manager version 3.9.0 suffers from a remote SQL injection vulnerability.
d7465d1cae603ceb6c99ab6cb16dcc593475dfd9122a239007bd547a0423fc45
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control SaveViewStateToFile remote file creation / overwrite vulnerability. Proof of concept code included.
aeb1dfdd12a44a730bcec5864f95e60c365b938d372f776b6178f5919b0b4cf8
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control Export3DBom remote code execution vulnerability. Proof of concept code included.
f6e3523ba390057db8b6b08be7f5fe37093ca96f4f6757e658263c95e5e02a38
Oracle AutoVue version 20.0.1 suffers from an AutoVueX Active-X Control ExportEdaBom remote code execution vulnerability. Proof of concept code included.
1803baa2803612ed90a10f88057d39ae9f52161fa48eacbdfb002679c5977463
This Metasploit module exploits a buffer overflow in HP Power Manager's 'formExportDataLogs'. By creating a malformed request specifically for the fileName parameter, a stack-based buffer overflow occurs due to a long error message (which contains the fileName), which may result in arbitrary remote code execution under the context of 'SYSTEM'.
0e4c84f448f90124f9f12c53d533fe71d62881437ab85d0ea37f8f9dff741fe0
OCS Inventory NG version 2.0.1 suffers from a persistent cross site scripting vulnerability.
2edc29ba63a069d988d3b4b142e76efb8065de62461e42ceb42809493e2fbbd2
Opera use-after-free proof of concept denial of service exploit. A full analysis is provided as well.
8419c6bd6968801cd9b15a92576ef242081b83329fd21b4ab556bdc4d0c512c6
Cyclope Internet Filtering Proxy suffers from a stored cross site scripting vulnerability.
2ae6988217abbff9103711510b40b94c33812480a0cbdbb90ceefbd299e54ed1