Microsoft Office Excel 2010 memory corruption proof of concept exploit.
0df178e45417b53cde74b1e1ad25ed1e46b1b3da0052271a76eb500b5cd88c18
Arora version 0.10.0 suffers from a DLL hijacking vulnerability.
3b16421b250afbbb93f4a541254be6b109d4ed90df6048ae29bec103bef5afa1
Gramophone version 0.01b1 suffers from a cross site scripting vulnerability.
9a5b7f1d75d39c8243db9196336bba6a28809e6f294600da4c464d019c5081b3
Allscripts Homecare client versions 6.1.0 and 7.0.1 suffer from a local memory corruption vulnerability.
e61dd63f1038ddb7e663470bfe50f0750075133ada0a3baaf17a8d05dad3e126
WordPress Easy Webinar plugin suffers from a remote blind SQL injection vulnerability.
884e037eaaa98050d5cebdeb809fb4c19fbe143bc3984a65c51407480dd6f4e2
The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from SQL injection vulnerabilities: input passed to the 'product_id' and 'grade' GET parameters of the 'trace_results.php' script is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.0 is affected.
e1146a5b942521c7537f27d1e9e6daf8576dafc19293f31ca192b5c83d4684a8
The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross site scripting vulnerability: input passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters of the 'trace_results.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 1.0 is affected.
a8958302bb602beff4ebb5517ad18454b487ae666d4353e85526aec09144e0a6
Layton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.
3827c1464b24bc29ab3e651ff29501dbfd6b5cd47b535b390f6cad47d2082994
Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.
16ee66d4cbd6d224b10fa5f95bc298defb75ded84f60334c0975efd6f7d244e2
Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.
84e000e3e44575e7d56f64a765baeb3ba0680194d10cef458af3c321b7470c55
Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.
ffb1e252d827f52f414c14552b658fe20322ca6da03f2bccb5d2f3d6fa1aa597
Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.
8d734fa89fe9433ad116e55adc6c356d0f247f3c345dfda0b0958a1e8896b8d4
Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.
6c5cc1580cd23e491855f8f601ab13345165ca92e85aa068fc7ba33c894be7fc
Inventory version 1.0 suffers from multiple cross site scripting vulnerabilities.
1292d00cbc8131c9d80118a786712087616de0bf11a88f616f6a7005190143b5
Inventory version 1.0 suffers from multiple remote SQL injection vulnerabilities.
befb2b4b941cc0e1fb457e807d5670f439ed489fe807f04ff00438accba64dee
The Aladdin Knowledge System Ltd. PrivAgent ActiveX control version 2.0 suffers from buffer overflow and insecure file download vulnerabilities. Buffer overflow proof of concept included.
9a55abf480664665e35217155ae1a22dc463dfe106da40a050d4ea0d36c8c45e
VicBlog suffers from path disclosure and remote SQL injection vulnerabilities.
067f350bd0ef6ecc3e6552ba562514f7c815b69e8cec2871fbedccc998dd9782
Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
8eac246e079c2e20610ea5b3fb4b19023d217d4774055a243a7bbe5f34191b0c
The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.
f95d8cfa9bbf990cef1d2f8027dcd10b67902dbbb539bb26ac86b28d980af3a3
Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.
831d1c4d5bb5f52d532ddd88097b54985d05095d7c28b49e19626e680e99fa2a
ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.
50280bcb8c3b2e6ce87a096338f3c12375645758f8f387468802187432e5f378
Errors thrown from manipulated SQL queries in Contao version 2.11.6 leak full path information.
7e6b48191d1b037c49db3bb5bf91ac674378024ef6feaf084e613f9089ca9dec
Sites designed by Zomorrod Web Design suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
efbf318f4c7cb5cfedb51d243ed1d7fb0cbbe9a86253985411d3408497f25171
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Microsoft Internet Explorer versions 8 and 9. The vulnerability is caused by a use-after-free error in the "mshtml.dll" component when processing certain "scrollIntoView" events, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
f1a197c1783c02ee319890a13237b275d13b69b33b95c58bfe6caca575473a2c