GreenBrowser suffers from dialog and stored cross site scripting vulnerabilities. Versions 6.1.0117 and 6.1.0216 are affected.
NextBBS version 0.6.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
WordPress Integrator plugin version 1.32 suffers from a cross site scripting vulnerability.
IP.Board Add-on IP.Gallery version 4.2.1 suffers from a cross site scripting vulnerability.
URL spoofing exploit for Safari for Windows versions 5.1.5 and below that uses window.open().
Serido CMS suffers from a remote SQL injection vulnerability.
Matthew1471's ASP BlogX suffers from a cross site scripting vulnerability.
MyBB version 1.6.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
The pcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
Family CMS versions 2.9 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability.
This Metasploit module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).
This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.
This Metasploit module exploits FreePBX versions 2.10.0, 2.9.0, and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code into the '$channel' variable in the function callme_startcall in order to gain remote code execution. Please note that in order to use this module properly, you must know the extension number, which can be enumerated or brute-forced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.
Checkpagerankgoogle.com suffers from a cross site scripting vulnerability.
Geeklog version 1.8.1 suffers from a remote SQL injection vulnerability.
vBshop suffers from a persistent cross site scripting vulnerability.
Pale Moon Web Browser version 11.0 suffers from a multiple looping denial of service vulnerability.
Otuz8 Medya suffers from a cross site scripting vulnerability.
Validate.icq.com suffers from a cross site scripting vulnerability.
FBLike Script suffers from a cross site scripting vulnerability.
Proof of concept denial of service exploit for the built-in web server in PHP version 5.4.0.
Event Calendar PHP 1.0 suffers from a cross site scripting vulnerability. Version 1.1 fixes this issue.
Laoy8! CMS version 3.0sp1 suffers from a cross site scripting vulnerability.
vBulletin vBShout module versions 6.0.5 and below suffer from a cross site scripting vulnerability.