Tap In Solutions suffers from a remote blind SQL injection vulnerability.
995cbf573228570625a2c32a2a15874c97fc116822256ce63a74c4f0f34843b3
iSchoolSite suffers from a remote SQL injection vulnerability.
3bb4573c38c18f4182a4f42fbe981360a4539c97e45c9e64d63cb6db79c46312
Climeweb suffers from a remote SQL injection vulnerability.
7c1d7f5694c17aae6e22a12e8036ed5dfe6499f138eb0928270c7792e73ab572
This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.
7c9d830274420e19564984899e0366cab20392b76e994a6b0e384e9de02b5a0a
This Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.
813e7b6681dffdbb170749ba71603be94be65c52baeeeffe39b6f94697d09ec4
Gnuboard versions 4.33.02 and below suffer from a remote SQL injection vulnerability in tp.php.
95a4c8c9f9e28f3db5ddb919a8e9f6a2d90986205c018ce57567a87e28212b79
The Dominant Creature BBG/RPG browser game suffers from a cross site scripting vulnerability.
7d877e69ad0910b2150ebb5b0e6e0e42c107770003b770a64e31c33e653aa852
WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.
e8922fa4c7addf7e093d643ed4e3247a3aeeba16d61549f286d287b09cde8758
The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.
b6ee5497426ebce31868121289c9ae738ae0ad5026abab52cd9dbc4650ad8848
Toshiba e-Studio devices suffer from an authentication bypass vulnerability.
8d34ec59051a89a05afdeee8fa150523f3ddb25662352023a4f80265d709bec7
This exploit demonstrates denial of service vulnerabilities in the Windows TCP/IP stack as outlined in MS11-064.
471ae2bada5d0b38fd72c862eb89a058ec3a822b1b81c073d91414299fd67a81
BlueZone Desktop suffers from a denial of service vulnerability when handling a malformed .zap file.
e1a7bbab1ba84af0b35ae5069123a331cb1e9ab9fa13f4586b2f072df9c6fedd
Ruubik CMS version 1.1.0 suffers from a local file inclusion vulnerability in /extra/image.php.
d2b1addd96e2e267f8d8f70e75e428f64d640a7bfab0a656996b01f6d5197ad6
AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.
85caebbc8302080405aaba7b14f4d050846bcc4ebc8f6a18d8cc7afc3983ae10
aSgbookPHP version 1.9 suffers from a cross site scripting vulnerability.
fa1a2a00d58496a2268288ec516ff78e9ea410036ba43a047873b29febc8bae7
Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
a157bef85abd26f723c099109c42adb1bb95c25de6439edfd27bf297b0efe62f
Mac App Store suffers from a man-in-the-middle vulnerability that allows for remote command execution.
e88209a3e289c622603bd43b938bcfbf92e5160cdf3d50166e1221374865b7e6
Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
f206473f38c0933286bdc00fd667750becd015dc4db7e86a307c3b55344dc453
WordPress Photo Album Plus versions 4.1.1 and below suffer from a remote SQL injection vulnerability.
bf3ea8918c7de9782e264e2d6b05ec45720b07a5c20144302c4a8eed53b6c5d3
PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
3771948f0bd952728776730df1a273e42847c65f28d2f2d69c737d27de5ba2c2
Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.
c098a4388a127889dfd3764db922cde8244b6a82e61ff357ae5785d470fd40d5
This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80
This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6
WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.
9b07f455f6aee294073adabc402040fdad7b34b7d958d48990162aa3974e39f7
Microsoft .fon extension kernel-mode buffer overrun proof of concept exploit and write-up.
c9041b25d1db7f3af1b8cb43239c5d141716f9bc0a5017a00f045f34067e378d