meetOne, a popular iTunes application, suffers from information disclosure and transport of credentials in the clear.
f1b6167b0f9adb1d2ae657c5d3a9d3aa57bc983cdcb2a5b4eab69f77c76dd946
rdtax.myeg.com.my suffers from a cross site scripting vulnerability.
c2fc1cd70037cca8df2b3733c820778cf56f07e5af2d9f51862f9ebb904b6e77
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.
0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, makes it possible to trigger a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page.
2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9
This Metasploit module exploits a vulnerability in CuteFlow version 2.11.2 or prior. This application has an upload feature that allows an unauthenticated user to upload arbitrary files to the 'upload/___1/' directory and then execute them.
7e52dec1e5036e52df909f5beaef31339c50c613b21624d2406a52176b941892
Social Engine version 4 suffers from persistent and reflective cross site scripting vulnerabilities.
9cb66f52c5d1f11ad81ff910c9c102602740a914f20a0ffd26f00dea52754f32
Thelia version 1.5.1 suffers from multiple cross site scripting vulnerabilities.
71f0cfbffd7fcba6a76de33cac3d72bc47893ce798f1cb2064c4f1c6369ae33a
europ INNET Web Studio Administration Program version 2.0 suffers from cross site request forgery, cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
8b945b66041046c68f9608814b1da5af72c0a32cca28ec9997b10974d6f42623
Mini-Stream RM-MP3 Converter version 3.1.2.1.2010.03.30 buffer overflow exploit with ASLR and DEP bypass.
edfd394763830724256e7884bbcdffd800bc4481aa275a07d6e9009bb6093555
PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.
23a6b6805759f0b8d0a1867fb3e155e4357ccfc59fdb6f110096ef1b359dadac
This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to the victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
bf2514d474a7b08d3b8119c8f11509c92a1414014f2de791e9a5e94b2b9e0c03
Sites powered by code from 120host.net appear to suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
d20c64908a88aaaf4b2c62d545a432348c90464c70dda946a4bcd87c144f5ca8
Redaxo version 4.4 suffers from a cross site scripting vulnerability.
44fcafd5bf41a508f40719e15f1cb1569a6d62987e638d5f77a211a346b98692
BarCodeWiz Barcode version 4.0.0.0 suffers from an ActiveX buffer overflow vulnerability.
b100107c50c5435e8468ce713c08d01fee63a0729c92fd3d29da921ea87d64b1
Joomla Odudeprofile component version 2.x suffers from a remote SQL injection vulnerability.
8b5536a92abeb5455576bdcda4e58fb09ea7f7b74b19c495050cdfec88ce5f79
Morovia Barcode Professional version 3.8.0 suffers from an ActiveX file overwrite vulnerability.
1e1a448e430489bae7191a00ab4a67b6395df19750905d33595b962ce815c5a4
WordPress Front End Upload version 0.5.4.4 suffers from a remote shell upload vulnerability.
0193840a20a9f7c0819d8f9eb929cc2b92ed7962ad986566a8ae3ff98a761b03
Symantec Web Gateway version 5.0.3.18 local file inclusion remote root command execution exploit.
88327d0f7cbaac39c6aad31a8ef7f4b43b8d525c4c4b964adfb91854c7a37766
phpProfiles version 4.5.4 Beta suffers from cross site scripting, remote file inclusion, and remote SQL injection vulnerabilities.
92e4557c8dfd2512631cffd63a7f3429b58378e9c7e4e1db2aed8b3c92c252ab
Symantec Web Gateway version 5.0.2 suffers from a remote blind SQL injection vulnerability.
6aec98e00f8daa7f3e784b9b085136fd783f41fed252a1521762a3217af9e407
This Metasploit module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string in the Connection header to cause an overflow on the stack when the vsprintf() function is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
ef2c81d5811597767d04bfb232a9ea85a237262aae453dc634269ab733bcb34c
This Metasploit module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
526da632857518ba04c937502d05234c1849101abc35c576432b65f2a4fbe5d5
MySQL Squid Access Report version 2.1.4 suffers from an HTML injection vulnerability.
9ef08e7e97feb92f78a981eb4bf8bf5381847ef326753e6e48890bc57bb3df6e
Nessus version 1.0.1 for Android stores the username and password in cleartext.
431b63271cbeb833e8b77bb7acf8523e8c996d9baec5986af6a90caeab756c6a
Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
02f37f360dac212fc971b316fb483fdb2f286cf0500b33dcd6659f153fdbcbc9