ManageEngine Support Center Plus versions 7908 and below suffer from multiple cross site scripting and shell upload vulnerabilities.
ce1d93bee37427da393ef8b2a378940e15f95dfe2266842aa8f8b6171109489a
Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.
880befa250d4287f9d17efed7dffd5623e713602127613fb7304b05c5fb437f4
Sisfokol version 4.0 suffers from a remote shell upload vulnerability.
a96997e054286875413e8ada93462f0f65be5c7e12988df9c6f7e6c6a47272e2
The Joomla iCagenda component suffers from remote blind SQL injection and path disclosure vulnerabilities.
c186dd88d27cbd897492034bea5e2be409f2d91cd8ee702fa3a083a05391695b
MyBB Profile Albums plugin version 0.9 suffers from a remote SQL injection vulnerability.
62d5c0744bcf097aeea0a55cc01c5e13dc19b2c4579f7c5c2089f594358480af
Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
57aec9566565a83d94933270426cb1b822eb107ada1e1ad8c594b19a032e394f
ContentDrome CMS version 1.0 suffers from a remote SQL injection vulnerability.
73c2726296fd2637a01b36529b8bfae0c76aab0e331d45b281cd7bab25811827
PBBoard version 3.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
6a8e16b78aad7c01d7d1e7ad57678ec6b2579e91772fb38f8d32343eeb830165
Ezhometech EzServer version 7.0 is audio/video software that suffers from a remote heap corruption vulnerability. Version 6.x is not affected by this issue as it does not implement RTMP support. Proof of concept code included.
83dc01eefa9bd8b1d9dfa7caa0f8da4da634aaa850e094de92bccad0ba4308a1
Samsung Kies version 2.3.2.12054_20 suffers from a null pointer dereference and multiple improper access control vulnerabilities.
3be5d1fc00baef95418066a6e177e3648f8af24d33460c51813fe80c0adeb108
Sites created by Desarrollo Web Peru appear to have a default administrative account left in with a password of 12345. Note that this finding houses site-specific data.
3ed266f45efa6a00461e6f8ddd18c1a225feeb756b518fe1d9ac3d16a58d9a4c
Idel4 suffers from remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.
2fc75908f2553d8aeae8b5218dfc17be77e7b57bc276cf8cacd937e43a7390fd
UvumiTools Crop version 2.0.0 suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
f613e10dfef91573b2ae31ad870fb775124fbb9dd6c851e315bf574541c8d084
MyBB version 1.6.8 suffers from a cross site scripting vulnerability.
387f3e3cf1de1268c3b4fdd95c8e11ada2eca8551092a1a0a5d18e7dd1c16934
This Metasploit module attempts to exploit existing administrative privileges to obtain a SYSTEM session. If directly creating a service fails, this module will inspect existing services to look for insecure file or configuration permissions that may be hijacked. It will then attempt to restart the replaced service to run the payload. This will result in a new session when this succeeds. If the module is able to modify the service but does not have permission to start and stop the affected service, the attacker must wait for the system to restart before a session will be created.
2d7db2108c548773a92d81355b9be4cd20b7d9069749634dd3a320136b18a734
This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.
32002b0c8c4086baf8a3940e0cae06296538c059e5c62586ee1b23ee757f955b
SilverStripe versions 2.4.7 and below suffer from a cross site scripting vulnerability.
4c7550542451ea3abf2f5bb27ca540286eb9e545957e2347080191a57e3ab4d4
SilverStripe versions 2.4.7 and below are vulnerable to open URL redirection.
7a5cf0049aa34d123e364f2a47df14670511b157d92104c2c329d28fd8fc4c25
P1 Networks provided modems to users in Malaysia with httpd exposed to the Internet and admin/admin123 left in as a login. Whoops.
14dc26fa090dfa6f32132e018c1753ad53ad2bae66fdce2c34653ddcf55975b0
Sites designed by Site2Host.com suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
58479a7fa739bc173a526959ce0afc9afdc4742dce3ae4539623b629bba599c1
QQPlayer version 3.7.892 m2p quartz.dll heap pointer overwrite proof of concept exploit.
76e62852428aaeecf57edfea3aac0ef1c27833899e37aee5d5bfb9b8a831fe55
Cartweaver version 3 suffers from a local file inclusion vulnerability.
4f7476d37a729290441f1030c3abffc237b36f220de952af8a56512a6ffe04af
airVisionNVR version 1.1.13 suffers from readfile() disclosure and remote SQL injection vulnerabilities.
599f5e302ac959a2c1ce8e2f22edf4b212e10b32125c8251f9473dc9cca862c2
Metasploit versions prior to 4.4 contain a vulnerable 'pcap_log' plugin which, when used with the default settings, creates pcap files in /tmp with predictable file names. This exploit works by hard-linking these filenames to /etc/passwd, then sending a packet with a privileged user entry contained within. This, and all the other packets, are appended to /etc/passwd. Successful exploitation results in the creation of a new superuser account. This Metasploit module requires manual clean-up: remove /tmp/msf3-session*pcap files and truncate /etc/passwd.
4653de66b5cfae88c0edc2f5c0a58393f2d39227d368a5cfa35582ea4cadf8b7
BigPond version 3G21WB suffers from hard-coded credentials and command injection vulnerabilities.
528d35dafb7e12c69511a3b7e37d3507bbea5187e3044ad1f0c8cccc97d468f2