Nagios Plugin check_ups local buffer overflow proof of concept exploit.
480e395245d4f2a787ed42a9a1c6f63c6b984d7222841a698055b21a9e6522f2
Free Image Hosting suffers from a shell upload vulnerability.
c0449e71cd5d9af01a83b31144a5dd2d0cc975fb16272cae7ebcb8bd28898af5
OpenEMR 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
c5472d4657683443d0f1450f9011027988e59ef78f177e8fcb2f435fbdcb01c4
MyBB version 1.6.5 suffers from a cross site scripting vulnerability.
afe4036091106e101329b12a40fc799514261911b1ababc195437fb016cb7a66
Lighttpd versions before 1.4.30 and 1.5 before SVN revision 2806 out-of-bounds read segmentation fault denial of service exploit.
a78ebddef1ff446f752bc857193d5fc6a7bb8cdaa8a66f37a2fd64a80504bfe7
Microsoft Windows Media Player version 11.0.5721.5262 remote denial of service exploit.
8f956aea0456c97de55561f1b85fde6e2d17e46339271b02a273569d29f09677
PuTTY version 0.60 null pointer denial of service exploit.
c0e5d6fed8a39f92e5fe93389c056c8233af29be9277250b0220f8dccc1f7f2e
MySQL version 5.5.8 remote denial of service proof of concept exploit.
e47dc3eb176f47a4d695cb60327c8ceca93506e42b7b61b174b504ddbbd485fd
FreeSSHD remote denial of service proof of concept exploit.
64ef29a432819a28b41d8f37b7d65cc811d1a982933c6caf1642e4ced0608e7a
Pre Studio Business Card Designer suffers from a remote SQL injection vulnerability.
c794f54bab399b0c0633492d18f99b818df6ffbe8246ade34257f886b2c02046
D-Zayn Web Design Access suffers from a remote SQL injection vulnerability.
a1ae391f129cbd6c64b9a123df61a7dcf6e5f853e2420e8d50108ee26be570cb
GraphicClone suffers from a cross site scripting vulnerability.
7e386b1f62fdf95ab4f2156dbfe331cae9df9200886e6339cdf26aab4295c59f
This Metasploit module exploits a buffer overflow in OpenTFTP Server SP 1.4. The vulnerable condition triggers when the TFTP opcode is configured as an error packet: the TFTP service then formats the message using a sprintf() function, which causes an overflow and allows remote code execution under the context of SYSTEM. The offset (to EIP) is specific to how the TFTP server was started (as 'Stand Alone' or 'Service'). By default the target is set to 'Service' because that is the default configuration during OpenTFTP Server SP 1.4's installation.
10056b046a41d7587ed57448581e4849d5d597aefca473ec48c1a6dfbccc8913
This Metasploit module exploits the Oracle Job Scheduler to execute arbitrary commands. The Job Scheduler is implemented via the component extjob.exe, which listens on a named pipe called "orcljsex<SID>" and executes arbitrary commands received through this channel via CreateProcess(). To connect to the named pipe remotely, SMB access is required. This Metasploit module has been tested on Oracle 10g Release 1, where the Oracle Job Scheduler runs as SYSTEM on Windows but is disabled by default.
a5520991853dfba840715d948313a5ca0eee49a3177ec837c2761cf043b2c418
Open Conference Systems versions 2.3.4 and below, Open Journal Systems versions 2.3.6 and below, and Open Harvester Systems versions 2.3.1 and below remote code execution exploit.
c8514bceee7ade59cbec79ac89af4009e9637eb3d5dcbf7b21c50429755f0ec6
This Metasploit module exploits a SIP username enumeration vulnerability in Asterisk. It performs a REGISTER scan for numeric peer usernames having a nat setting different from the global sip nat setting. It works even when alwaysauthreject=yes. For this exploit to work, the source port cannot be 5060.
54da0d99e312b44be212dc5220e9ea0fef3a31a1f8a4b91a6f8f48f53c53ca09
This Metasploit module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
2a414aa71e3429752f31a3f9f0ad17a08f3c3d290b612cfb08bbb15b1b14dea3
This Metasploit module abuses a command execution vulnerability within the web-based interface of Splunk 4.2 to 4.2.4. The vulnerability exists within the 'mappy' search command, which allows running Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. Unfortunately, Splunk uses a default credential of 'admin:changeme' for admin access, which is used to leverage our attack. The Splunk Web interface runs as SYSTEM on Windows and as root on Linux by default.
4cec15e9c8252677e5cd1bb453f1bd43e0c2eb409d8162a5ce458bb290116509
Tiki Wiki CMS Groupware versions 8.2 and below suffer from a remote PHP code injection vulnerability in snarf_ajax.php.
b7307f459df54b9ed0978af284f064b18dafbeb2458c69e4c3625d1e42e39172
phpMyAdmin version 3.4.8 suffers from a cross site scripting vulnerability.
a8c40f3aee84c74d540c2097d20b0799688cc7300895c4ba59bc51a7b094009f
Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.
8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80e
Whois Cart Billing suffers from cross site scripting and credential disclosure vulnerabilities.
14544ef73256873b243f248ee7ddffc710806649b369ac24542d5fedfed61670
Iran Sports Network suffers from a remote SQL injection vulnerability.
313de7f72a01e2adc00846d8d25134e08fcad8a8004e4e385dd96b4a476b5ffb
Infoproject Biznis Heroj versions Plus, Pro and Extra all suffer from a remote SQL injection vulnerability that allows for authentication bypass.
961df363124e6674f343f13b06667b0bf250c19cf3e3b56c172a9d02e465728b
Infoproject Biznis Heroj versions Plus, Pro and Extra all suffer from cross site scripting and remote SQL injection vulnerabilities.
8ecabcbaea16aca5a5916cc00663bf1cb2f9fa325f8b98c1af8c3175c22a5eef