PXO305 suffers from a remote SQL injection vulnerability.
cbce6774579f4127b16d04f446b7b050b3b8c695ce8ccf15a720b69655a8f5eb
Sites designed by Hirakee suffer from remote SQL injection vulnerabilities.
ef9fedaafee10295598db990c383926b58c8c23690691aee0035c0b62c2d20b7
STS suffers from a remote SQL injection vulnerability.
9a215834778211c6ec06644065e19f17e3d56d876ef6226d0d1bcc2f87055690
Szlanga suffers from a remote SQL injection vulnerability.
aba0d44dcd1cf1a327dfd0d94ce5993efc00692743d34c838e72adf1c0c4777d
Sites powered by Marinet suffer from remote SQL injection vulnerabilities.
a15f230b69506820f12dcf31da379a052d2a65c7c71404ec0a1bc4bd6490c90d
PD Professional Designer suffers from remote SQL injection vulnerabilities.
9f5934b17c5182b1d95681fb1236314992f1471da0a40bd350e53a158f7cb095
ADiSoft suffers from remote SQL injection vulnerabilities.
3522053f05ba96a7d978bdb348ae8c7f00f9814d34194046f5ffde48ad1dc228
Coppermine Photo Gallery suffers from a remote SQL injection vulnerability.
3d723d2e07510de3d3e79a2c1b96b26e727bf6b0887be93a44d48440bdfb9480
This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic, which results in unsafe JIT (Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, when an array is indexed using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying, as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.
e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972
HP Data Protector client versions 6.11 and 6.20 suffer from an EXEC_CMD remote code execution vulnerability.
5d34993adf845edd6d894d448162c3ced97c1186b2c7b70f5c29bfbe0a5da886
Samsung AllShare versions 2.1.1.0 and below suffer from a NULL pointer vulnerability. Proof of concept utility included.
83cd80b6e2edbb33b8a4976ea647724003619c7fb8d84f66b2a16fcef95d2296
Sysax versions 5.62 and below administrative interface local buffer overflow exploit that binds a shell to port 4444.
7efb7cd16bdaabc3ae5c671cbe33491c4a4f524a9fb6e3dd1b168c19d3339372
vBulletin version 4.2.0 suffers from a persistent cross site scripting vulnerability in the calendar section.
e7d9b6e67ae5c903fc89ea7cf816b833e7afba6a2dabbdf3f503d0c45e30bc9a
iBoutique eCommerce version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
b9d8020c62cfd37895538cb2c3dbd4915df7a982bcdb8a2598c05df919c7bcd0
e107 Tap plugin version 2.0 suffers from a remote shell upload vulnerability.
16d450b6820569c25505641914654435ddd38724cabde859aebdd200c217525b
e107 Radio Plan plugin version 2.06 suffers from a remote shell upload vulnerability.
5220d8a9f509f1a911a75ce3797603c70b92f27bd86d8e23024038f88f0290ca
e107 Hupsi Share plugin version 1.00 suffers from a remote shell upload vulnerability.
01edcafd988a763a0655922e61b5d35515bc3ba601616b9aca3fb8f4ed687449
e107 Image Gallery plugin version 0.9.7.1 suffers from a remote file disclosure vulnerability.
1f7d952a66337a9793777b6c5584a8fced88cabd97560d6834e5f3fd3fb3029e
e107 Hupsi Media Gallery plugin version 1.0 suffers from a remote shell upload vulnerability.
cf798872e71c9fa0094aa28aab7cb5fe4bb92f07513ffad6e92a20748e2682d9
e107 Hupsi Fancybox plugin version 1.0.4 suffers from a remote shell upload vulnerability.
727a4c7d0667d51fdc6d9063229dfbd1e7e1bb30b5ff957fb971eb33023c1113
e107 Filemanager plugin version 1.0 suffers from a remote shell upload vulnerability.
1d93b23a1ed5130b4f2f0502a0ad4874fa5922b73334e7298c15b985733e50fe
e107 FileDownload plugin version 1.1 suffers from shell upload and file disclosure vulnerabilities.
4c9eeefd5a414c20c21f82970080248e3086771b1fd32ec3268620ead5403a56
AdaptCMS version 2.0.2 suffers from cross site scripting vulnerabilities.
97186847792218b50bd50c087ed631bbd8f1b4936aac301043dad7bf2fffd224
BlogX suffers from a database disclosure vulnerability.
27a6d02fb7e97c66b9bee72cb598a630daeceede8130f4b684117e42a22e9493
CMS Balitbang suffers from cross site request forgery and cross site scripting vulnerabilities.
9ba47dbd951a49309c5fffb500e8f83f059551fb85d0488afb275d9e89d33102