WHCMS version 5.0.3 suffers from a remote file inclusion vulnerability.
532e03e38b10d3f50c3d381338ca5d1080316250f117137d65fe8c59a7e2d019
Sana Net suffers from a remote SQL injection vulnerability.
d491a5a72f433e70dc437aad5c7566578adb0b5c61241911fd93e1130630f84f
Fireshop suffers from a remote SQL injection vulnerability.
36d870fb070fb835a26adc1353be0922620e046bd24f7e31f4e19c3ade9e55cd
Sonna suffers from a remote SQL injection vulnerability.
3e384e602123e1e3714cb3a6de449d3115f1eb9f1d640ccfb070cff8cf0d70aa
ASP Content Management suffers from a remote database disclosure vulnerability.
ed2c1c995ba55abc3d684e158935240fbf5549efa2590b99e3a007e08eb041b7
Pro Clan Manager version 0.4.2 suffers from administrative bypass and shell upload vulnerabilities.
91de8e3281c1f4f38ec58022b3f86bbd3170212247a3c4bcacc892b75a42aa35
This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.
2bc92ff43f6bcca9c19f782162fc5db7f333fc90bad8a57b6c286fccae52a802
The Airlock WAF protection can be completely bypassed by using overlong UTF-8 character representations of the NUL character such as C0 80, E0 80 80 and F0 80 80 80. No internal knowledge of the WAF was available during the tests, but it is suspected that the UTF-8 decoder fails to reject the overlong NUL byte character representations and they get decoded as U+0000 later on. Further, the WAF would not perform any checks for attack patterns after the NUL byte. Versions 4.2.4 and below are affected.
4500f9de8c3478095642ee54e1fc94fcf7d2f146d8b89ff5f68fd0fa5d527f81
Ezhometech Ezserver versions 6.4 and below stack buffer overflow exploit that binds a shell to port 4444.
0a3c7b30433e99d4e5b31ad439b1616f357b9a2b87934bff537c85f76e8698e9
Squiz CMS version 4.6.3 suffers from cross site scripting and XXE injection vulnerabilities.
a5d045b3aad07ff6c6442d788cf3530feb8b0422a99a5af1dae6dda396024529
WordPress LB Mixed Slideshow plugin version 1.0 suffers from a remote shell upload vulnerability.
05d1ff86d15d4c018bc701f3b912dbda44ddada39fafab1e62575e473e009971
WordPress Famous theme version 2.0.5 suffers from a remote shell upload vulnerability.
5cd23143dda2991fa8b54bad24336fde593bf11003add82671ad05be651816d2
VANA CMS suffers from a remote SQL injection vulnerability.
06f4bc981b8d0c7290c0f3d2af444d55400dc6e92ccfa1464b27166a7ed92ba7
WordPress Lim4wp plugin version 1.1.1 suffers from a remote shell upload vulnerability.
bdd83eb33020bf673d8c201bed0edee4aea04fd587fad2b42688292c7b805cc7
WordPress Wp-ImageZoom plugin version 1.03 suffers from a remote file disclosure vulnerability.
313fae93536b657222df93e542a161ff4e99e670f7fcc788a126bd30970b4474
WordPress Deep-Blue theme version 1.9.2 suffers from a remote shell upload vulnerability.
655fa08681c7b44b6899577f403fd689e810e5138a16b53311a249704bc54503
Bricolage version 1.x suffers from persistent cross site scripting and remote SQL injection vulnerabilities.
648f270968361f02a75713be4218de41297130fcbab5f3d51e86d905c491399c
MyTickets versions 1 through 2.0.8 suffer from a remote SQL injection vulnerability.
99fc0500b3e38cf669b96c02099379cc481addcdb679c1271958420f61af0d62
Total Video Player version 1.31 crash proof of concept denial of service exploit that creates malicious files.
50826852f4723c4697c5342a471db0766e94f72ffba3dc55768b3c1d68c3014d
This Metasploit module exploits a stack-based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".
9911ce27bffaa90bdbd0d7a764559440c9b73d2a107c14d2ddcf46c3708a6749
QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffers from a command injection vulnerability that allows for remote code execution.
bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143
Joomla hwdVideoShare version r805 suffers from a remote shell upload vulnerability.
bc1e6119f2ed610cbf46770b53e894f80bf571ef0fd6dd76866a7970a5544ce0
Expressive suffers from a remote SQL injection vulnerability.
719742cd414eeb3533f6a8fe09ad8f2f72d205bbf4046d2802e193d710e842d7
Gate49 suffers from a remote SQL injection vulnerability.
26da9555ed1f769d448d67b2816b5465620fa020b873bdf5b302314bc644eab4
Glucone suffers from a remote SQL injection vulnerability.
6b6c790953a313e47f767bcbf9356d4021c0adab153cda27758fe04f8af292ce