KMPlayer version 3.2.0.19 suffers from a DLL hijacking vulnerability.
e710953170f62944c95092c7d7f49e5821951feac65493d0dc8d7059e53707a9
Parallels PLESK version 9.x suffers from an insecure permissions vulnerability.
ed2521012c4e3be895f96bbdf69d5c6e700987738b89562f7bc01f25941cf0cb
WordPress Zingiri Web Shop plugin versions 2.4.0 and below suffer from reflective and stored cross site scripting vulnerabilities.
18ed50d1ec24690a1dd37bbe47a05297e810a1d475db1cbd2c532a9a4dbb6838
Microsoft MSN Hotmail suffered from a password reset and setup vulnerability.
49073ed7e6528aed6e2a1395224e58b80dc4adcd3daca681f9d673e3701cffb1
Ettercap NG version 0.7.4 suffers from a DLL hijacking vulnerability.
d04c00509e1d3444d662e6b7f22e92825bfd705db741648e0c2385bed9551510
This Metasploit module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7. Using the application to open a specially crafted asx file, a buffer overflow may occur to allow arbitrary code execution under the context of the user.
8605d6b286358f8ebce3e864c8089ee88a7cec055a12349e1618003174c8d254
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.
0b684caf70084bb5bcb079447d8379464ff2e3e928ee2d84beab044161baf6bb
WordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
5d7da27b984ced3d8195b475c086f6fa632941aa13a56de1779eb08cce7b634d
MoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.
15212df8a3a8d8b6ba16ec77025ef5e22d8dacfee6fd2ff769977b33b5b5fd46
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
170fe747de0161668180d3fcf82d6993ee1b0965b81a9d2d8dfc43b1af0b7d9e
mount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.
1a07d210c27edc8b4cb7f1f1ad3579fd0a15fb1679968e8465902f2d88e2e7ae
The Joomla Video Gallery component suffers from local file inclusion and remote SQL injection vulnerabilities.
462e3a42ad4cdf7f3d4b4fc799263665b5f88d737088527e7db190630d754023
PHP Ticket System Beta 1 suffers from a remote SQL injection vulnerability.
f331b153861f4c95d8694429e29e08f749646cec6c2de5b128d953c29eb07810
An undocumented backdoor account exists within all released versions of RuggedCom's Rugged Operating System (ROS®). The username for the account, which cannot be disabled, is "factory" and its password is dynamically generated based on the device's MAC address. Multiple attempts have been made in the past 12 months to have this backdoor removed and customers notified. Exploit included.
fb64f3c68bc6c2d150dfa801c3cc74442ea2352e08299729ea8753433d5ab22a
BeyondCHM version 1.1 suffers from a buffer overflow vulnerability when handling a specially crafted chm file. Proof of concept included.
1f4140d1bd20cda3a4f39e3e694685f225a0d65e60da185fa2ca460418e79975
CMS By Hispanic Digital Network, Inc. suffers from cross site scripting and remote SQL injection vulnerabilities.
e0609b970a7a2371fc93de251413bd770167edbea45b1afe9330271db1a45913
Ettercap version 0.7.4.1 suffers from a DLL hijacking vulnerability.
0a44574fc1b60dc3699352b2c882fc1583f45dbb3776d25cff6a520d75cd30d8
Website Deisgn Cardiff suffers from a remote SQL injection vulnerability.
9fb16c16ea10f1e8ab6415d84c27188754c2862797de36e6bc36d57da8055092
Mitsubishi.ru suffers from cross site scripting and remote SQL injection vulnerabilities.
c4f9192ef7220609caa4d99bd7ed8867a4dc1456498243db2df42f5a17131299
ChurchCMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities.
daf142bf714b4c86657eb17fad71cfb835dab67218e8b0d57cc94cd82c369f65
An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61ad
School Website Solutions suffers from a cross site scripting vulnerability.
80af71695150018fd717350d968e6d200dcb7528844b325608fb32140f234a4d
ExponentCMS version 2.0.5 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
68603c7e8c2f5997c0f69c3794e2233a415b93ed2b8acfd1beee701a907b284c
Mobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.
956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7
SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.
2c48263ca242c08c83e3159ab0488a34d4ec0b9ed8c46ee7db29a49caef65b02