This Metasploit module exploits a vulnerability in QQPLAYER Player 3.2. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.
e7973f30b18ed27c4b6aafd3963abbf49ddc019ae30ed745b733674e032c75d3
Yahoo! Small Business suffers from a directory traversal vulnerability.
056f3e4d03ee4f8af07a366f01c02a68ea25f2030d29de39e1ad454c344bdf8b
Support Incident Tracker versions 3.65 and below remote code execution exploit that leverages translate.php.
7ffa1156de49d88784954d7cb69a66baecd33c27f096acddfdbe8fc423368721
ARASTAR suffers from a remote SQL injection vulnerability.
dc12599283621325cb714093b93b59d602c5361717808e4fb4f37cc5e0f8f30a
Digital Attic suffers from a remote SQL injection vulnerability.
70394b8ab202643cf6d047b51fa41a4d3558a6cef4ca6dba23d0455999412c7a
The WordPress Jetpack plugin suffers from a remote SQL injection vulnerability.
d000017c326513bd43fc0da1283f6f2b07d76a93d548cf37b41525864890a150
This Metasploit module exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8.
c7b86f510e7897dd9923514fbd475d9ec025e6ea543ad22525475f3d82ace5ef
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
902c4d348e0eb89f02c1aff016e36bb2f309e424dad941285a19cf704212a739
Sites powered by CareerBuilder suffer from a cross site scripting vulnerability.
9d7b6dbe930d644e2ab47535610458db70fe572c54f27cfdbe7669bf99e51032
YSD Web Design suffers from a remote SQL injection vulnerability.
6edf8fc65414a9538a833e32d7e3de32ab92e2430f71b30040abecf9b7b40463
Freelancer Calendar versions 1.01 and below suffer from a remote SQL injection vulnerability.
be67ac306c1efcaf129123dc73d6f56e23d34a6ef1f363bde7389b90fb6b24ea
Valid Tiny-Erp versions 1.6 and below suffer from a remote SQL injection vulnerability.
033932fbde1f4a37243f50169a59c068547443885f6f41bd653640b9ff55a35a
Blogs Manager versions 1.101 and below suffer from a remote SQL injection vulnerability.
81328f0584264f638a81425426602f05079f2cab3ae43de5d53401d4cbefffa3
Thunder Kankan Player denial of service exploit that produces a malicious .wav file.
43b9671cd01b8ef15c05281a172ba89140e165c74569bc6de3490a7ed8d7ca24
webERP version 4.05 suffers from cross site scripting, information disclosure and remote SQL injection vulnerabilities.
6527863421172bed1320a1beaaf760e10db2399f57d8d1c408408d39b2fe8524
Zoho ManageEngine ADSelfService Plus version 4.5 build 4521 suffers from a cross site scripting vulnerability.
11759ad39a70c1b72eb5634f99b277ad6cdfc9e7d8b29555043fd98c549dc901
SAP NetWeaver BW DOC metadata suffers from a cross site scripting vulnerability.
68d97d678e3c0fdb4545781101c9713cebe198b3b21c2030417b80a51a588341
Tiki Wiki CMS Groupware suffers from multiple cross site scripting vulnerabilities. Versions 7.2 and 8.0 RC1 are affected.
21ef97d86d440a917b5caedb85996e891e834ea1014f4979355b34a905298c19
The WordPress Flexible Custom Post Type plugin suffers from a cross site scripting vulnerability.
fee1493e19247201bae6078b7248fec39db259065399d0d9db505b56dfe63910
A reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.
c6bd8d414c203e4d7061c79f3542c1b5b217553d5e43319d293458513d863d05
A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
df2dee289d5c87f204cf0fee719b33c99baed4a25e2a6f9f88c897389068853f
An arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
9b9778fc86835a6bdf9f0531d06a9035e7c2a698cfe50ecd0e20362d22be8cd2
A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.
950c47363f210cdb881bcfb068ccaf7f685f850f0d610b4a2d6acc3361bd64ca
This Metasploit module exploits a stack based buffer overflow in the ActiveX control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles() method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
ff98b933de5295139e90a1985be85c50e19987cebb121f5874c995e6d229d3ee
The SonicWALL Aventail SSL-VPN suffers from a remote SQL injection vulnerability.
50d808ee714423eff293cd2e86943f50a1eee9dfbb7447f0d91d5eaf91c81044