WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
Avcmedia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
vBulletin version 4.1.12 suffers from a remote SQL injection vulnerability in blog_plugin_useradmin.php.
A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
The xyleborini.tamu.edu site suffers from a cross site scripting vulnerability.
Firstlink CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
The med.stanford.edu site suffers from a cross site scripting vulnerability.
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.
Spiceworks suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions 6.0.00993 and 6.0.00966 are affected.
TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
Novell Groupwise versions 8.0.2 HP3 and 2012 suffer from an integer overflow vulnerability.
Netsweeper WebAdmin Portal suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Note that most of this data was released back in July of 2012 without the SQL injection information.
A local buffer overflow vulnerability has been found in NCMedia Sound Editor Pro version 7.5.1. The application saves the paths of all recently used files in a file called "MRUList201202.dat" in the directory %appdata%\Sound Editor Pro\. When the "File" menu item is clicked, the application reads the contents of the file but does not validate the length of the string loaded from it before copying it into a buffer, which leads to a stack-based buffer overflow.
LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
FreeWebshop version 2.2.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.
NCMedia Sound Editor Pro version 7.5.1 suffers from an MRUList201202.dat file handling buffer overflow vulnerability.
webERP versions 4.08.4 and below suffer from a remote SQL injection vulnerability in WorkOrderEntry.php.
Sites designed by IRIX suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Minimal Gallery version 0.8.1 suffers from multiple cross site scripting vulnerabilities.
Megabirlik Bilgi Islem suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
Huawei Technologies Internet Mobile unicode SEH-based buffer overflow exploit. Works only on Windows XP SP1.
Multiple Harvard sites suffer from a cross site scripting vulnerability.
Auxilium PetRatePro suffers from remote shell upload, add administrator, and remote SQL injection vulnerabilities.
Offerings from identity.net.au appear to suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.