The Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP allow an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
209515171372e815da32934ab41fdd5f1c336d22022bec1c97308a5b5097d4c3
The Siemens Simatic S7-300/400 S7 CPU start and stop functions over ISO-TSAP allow an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
e012c156c46c53f51452c321377eed31d2bcff3d14db2c6ffe938003af648fc7
VamCart CMS version 0.9 suffers from multiple cross site scripting vulnerabilities.
20b70ae83034a770d8f15b30a15883ea7321b714bb164532950b8650047e65d1
WinGraphviz suffers from an ActiveX heap overflow vulnerability.
3f6c0b7d807e74cd9fa8d751cc0f4d471d353406a2b674cf66604828a356fc22
Multiple Site5 WordPress themes suffer from an email spoofing vulnerability.
3ae588eeb35bf8ce5278a0e55fc825b27cefdef0759ac73636c048ab0ff52b56
Elite Bulletin Board version 2.1.19 suffers from a remote SQL injection vulnerability.
38ceedd2da888919b9e4f13ce5a14bd3fb372a6bf5708329aa373a96263aba8f
Shopware version 3.5 suffers from a remote SQL injection vulnerability.
5a6df1b8bd0a494ca93cc2d947cf380ac0ddc0a03aa982f3f7ca4cdd7b20e18c
This Metasploit module attempts to authenticate using a hard-coded backdoor password in the Simatic S7-300 PLC and dumps the device memory using system commands.
d6907293e454a396426319c60a1d46ca00f48f5825d6033b2984938b778a4ca1
Akismet version 2.5.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
80fd2945fb11406963aab824dedf83f727c0c37ef1aa8104a8256df820d3cbe7
Mc Full Audio Converter 1.3.0 denial of service exploit that creates a malicious .ogg file.
3857f0a48ce2d3fa17ec113156b87a87ad36311188b97b1b48a40ce6efafea26
Kool Media Converter version 2.7.0 denial of service exploit that creates a malicious .ogg file.
3e3726b25afd1b47737aa057bcc6c3252389d6821ad5912a063c33c2c76dd3e8
The Joomla OS Property component suffers from a remote shell upload vulnerability.
2319911a51d2f907dbdd7a4d6226212e3052f622977a3c72772152ecace5dd11
The Joomla KSAdvertiser component suffers from a remote shell upload vulnerability.
54de96cd083b6fb565bccf13177d146934ddaefac5016487fb873d261c227b3d
WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
89dcea13ec2ce098c36406bb3eb0f66cf4abc25e56f9529e8cf96f1886dc3447
WordPress Resume Submissions and Job Postings plugin version 2.5.1 suffers from a remote shell upload vulnerability.
abb9002f357afe4cc499af58b4cec029b8eafcb2610d8311454bcd553f75f567
Ajax Data Uploader suffers from a remote shell upload vulnerability.
9f7ee95a3d29326c1ee467ff1021b8c1447ba8a1514a4d8fb8f20b122a2bb4bc
The Magento eCommerce platform uses a vulnerable version of the Zend framework that is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of the Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability, an application may be coerced to open arbitrary files and/or TCP connections.
89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271
GLPI version 0.83.2 suffers from a cross site scripting vulnerability.
f5b2c4c3483e2fc4f8c4c71cf68580c2f1cec99231c16a7d5963d408d62baeba
WaveSurfer version 1.8.8p4 memory corruption proof of concept exploit.
d4deff1bae6282d551700d55692f595d5773d5a0250ecd06933d407d8d9fca97
House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
f0e12ae5abdf3d6c1f4d058141489a08c550c3d153d77562c509b480d09570ae
eCan version 0.1 suffers from a local file disclosure vulnerability.
3554c4524462040f5dda78c445352d07b4b18d5640ec8b6a0de6960bcda363d5
Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.
dc7d17c6acb8edf73ecc37248cbc4108c8901dc3dbb59bf06deb7163d82d68e9
ZipItFast PRO version 3.0 heap overflow exploit that binds a shell to port 9988.
ab680f9134fecd5dfa2d8333c77bceee24944dda8791109e831b9c78dcc248d1
Gustavo Antunez suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
45dfa21d4ac27c3193e728f09f57cf8b6e0c05492520c836b22a6db5684f2392
Xoops module extgallery version 1.0.8 suffers from shell upload and file download vulnerabilities.
efd88a83367f65c5f985484f2a284435e4bff9c2448221292782b342964edd58