ES CMS version 1.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
daa80edba48418d7f028eef0daced982f7b36eff55719be1f08023c6b001181e
swfupload_f10.swf and swfupload_f11.swf both suffer from a cross site scripting vulnerability.
a064f09576b12ab9d5a45fe75c0226e749c3b0025cd2959f6177a48202d94b92
Army Ezine Colombia suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
15188ed796801a9d0a3f0e2dab1c9a7050d8a3174f895338116f2f758fe78230
jBilling versions 3.0.2 and below suffer from a cross site scripting vulnerability.
4ceac8d0fc1f1afec1cf3dcadedca25fa1795ffaf93a687d404a447d3f2a5c35
WordPress Malmonation theme suffers from a remote SQL injection vulnerability. Note that this theme is specific to this site.
5e7908209d87b1e1f212f6ab59e22fe30ff71c8f26dcbfee81ee4769a88aa0a7
Beat Websites version 1.0 suffers from a remote blind SQL injection vulnerability.
88a56d21e7494bc2d27b6237a91c756294b7134a1ab51354af09d4a448df1cce
Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
6abb1bda55fdf2a144f85a5781c58e9555df57ab3346329f169d03b28b7f55e7
Cisco WAG120N suffers from a remote command execution vulnerability in setup.cgi.
3f3738e0fe87c901ce923fe505448e7d8a980e7ffb970f817472dc722f51bd86
TrouSerS denial of service proof of concept exploit.
e1cf51f8e3c0f3a2a12e173d4fc14069721e2a542f1a4f8e7716091868d553af
The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.
e23c89d44db9163f784b4ff04d606d1d56ae5646f4b6067a4cf9eb08c6eab232
WordPress Zarzadzonie Kontem third party plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
dabbf8f277721a115251a4fc9ddc214797c96b3fbf36964e3d3366e8ea03717c
WordPress Zingiri Web Shop third party plugin version 2.5.0 suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
33e48b2629820bb1f49eb5160c1b5e85747875d370c0743db0987af583804bcd
WordPress Webplayer Player third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
d69cd4bc562251e4c95062dd6d91dc522ad3027613df830d537ee3bf94f409e3
WordPress FS-Real-Estate third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a95cc5c4f3002f51988d57a65b80a57548cc9d52aa6c7054c64b6cab72660b0c
Gianni Messina CMS 2.0 2010 suffers from a remote SQL injection vulnerability.
7413f864df6b0ffa6276a50f18c07ec9b0803cac1c325169b0ab7f2f1ed57b44
WordPress Simple Slider plugin version 1.0 suffers from a cross site scripting vulnerability.
b62822bddeca9f6484d902fe80cc09828535e9f746d5cf7e2ffa58d421d49075
Simple Lighttpd version 1.4.31 denial of service proof of concept exploit.
bb9db2d5fb90777223307f529d060fc6a280653ad1ae2d1bd6798d5cfd9126c8
WordPress Plg Novana third party plugin suffers from a remote SQL injection vulnerability.
981db04fd87b5d87619c34a16a05e6dbd45876887adce6d3423107dafc1af622
WordPress Magazine Basic third party plugin theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a0f0a2bb4d25112d7a6582eb26bee1291efed1a5f1e1f840369aeeedd948fe27
ManageEngine ServiceDesk version 8.0 Plus suffers from cross site scripting vulnerabilities.
8616515dfc840b10244580b4236a536565045ddd3abdb1854b027016b0b960d7
dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
d46225e6ffc0eec269ac97abe0411a6f3763bb5a9ed63edecc2da5f6af7a7779
swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.
7cb01fdd1e05d212be9f91472666f74a1a2ccbefb7f0261aa01eccfa4a976751
This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.
f79aa10f08abac5de98e9a1207c3259575b8c431b2e93a15ad5ebc8cf3d70dee
PHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.
a66b0a9487b95c5307915eccadb39223d33aa5451ae999c36c581fabd1220cfc
This Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501