WordPress ArribaLaEsteban theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
46b56b583d13fbd785a4b7cafc11564f5d8cb0aa6772383501590c78c12e0df9
WordPress List Communities suffers from a remote SQL injection vulnerability.
c4de9d572b2d132ae0dfb5d55c3e39b3e3caffc8e6b4596397740a702e797fdf
Sites using Agencia[e] suffer from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
33214a7e0b37867304fa84e40e5eb67bc5518bce9a0bff9de4fbabcf42906abb
NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628df
Friendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.
92e36cb7108edc9a74b69d10351949489ad7b525325db1dfa75164b9de07491d
Open-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.
92329b7043af1d4783fb11947d21277ddc61a87ca7d8cda419922fc9dd67a8c8
MPC (Media Player Classic) suffers from cross site scripting and denial of service vulnerabilities.
9b1a81a8cd2194bc5a76801841955ea9df4393b8078734072443a73fe1df4916
Kies Air suffers from authorization bypass and denial of service vulnerabilities. Android version 4.0.4 build number IMM76D.I747UCALH9 is affected.
426a0fb2aac0ca8cc014f2eaf42bb99b39915cc9ada276b50cb2454adf81aa57
BugTracker.Net versions 3.5.8 and below suffer from remote SQL injection, cross site scripting, and file disclosure vulnerabilities. Full report and advisory included.
f6d5f1fa984abc41834fd266a98e43d88d5e71390ad9ba926bb5a1b98c758c10
Broadcom models BCM4325 and BCM4329 suffer from a denial of service vulnerability.
cf980fa9d05cceaa362eff7a28f9098ac75e401737d2e0e9b98614a78571cf97
Friends in War Make or Break version 1.3 suffers from a remote SQL injection vulnerability.
81ad86c40bc7d1ac6b2dfe9298413b363facb2e3856fb74dd248ce7d89c741ce
WordPress Tagged Albums third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
3f38e28c0351687111b71297dd167293add631c46e45b2e92ccf7781e74f16e4
Rollingstone.com suffers from a cross site scripting vulnerability. As of 12/23/2012, the author noted to Packet Storm that Rolling Stone has addressed the issue.
ccc58a651ef83f70fa9a186c7a2e6ef83c0652b758b8f4e789afe50c63a45c66
This Metasploit module exploits an arbitrary file upload vulnerability on the Client Analyzer component as included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This Metasploit module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on Windows 2003 SP2, where execution through the Windows Management Instrumentation service has been used.
84145a2bd1465f746c9f1fb3cb57ffe9811d8c12fa296a6bdabb07a13010b2ad
Novell NetIQ Privileged User Manager version 2.3.1 suffers from a Perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw that allows a Perl script to be executed with SYSTEM privileges without prior authentication. This can be done by sending a POST request with well-formed data. Full exploit included.
f2677910b884afa12ade6e175014677e91e4db77215c215f570b78204891f70b
Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw that allows the password of the user 'admin' to be changed without prior authentication. A remote attacker could then log in to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files on the target system with SYSTEM privileges. Full exploit included.
cb5b36fa91506836a8939d6ca42408814c64880b86065e5e6fb112b35bf19520
iDev Rentals version 1.0 suffers from multiple cross site scripting vulnerabilities.
f49da30c25577ddf778c0ccd319f4256b0419b13ab196f1602832edc06d22abc
Friendsinwar FAQ Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
35337c062bae0717390401b351c07341d274c3e80221eb3e15364f51ee464aea
MYRE Realty Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
d5ff8b648ad3cae3d14441af81959bea74776efd85a682de5df454716026745e
BabyGekko version 1.2.2e suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
15766bd77f90d3557a510c8aad6e0286a9c018097e660157f8489b73cd044cad
ReciPHP version 1.1 suffers from a remote SQL injection vulnerability.
f54d0e90430b38774a0ef5969347d9173696afd36770149c7b94b66070bc88bb
Narcissus online image builder suffers from a remote command execution vulnerability.
1e7e866c2471ee4f3e78a4cbfbe1c015cc3162c100922051cb553dfb05ba2c43
dotProject versions 2.1.6 and below suffer from a remote file inclusion vulnerability.
fa2ee4b0d4a5a30660b415dc6dd6f5911f2d4414c98606428fee81675aaad1d2
MYREphp Business Directory suffers from cross site scripting and remote SQL injection vulnerabilities.
70cd134c606c7842572913c8c656a1d3cc1d019a4b524b4cadff9d468705d834
MYREphp Vacation Rental suffers from cross site scripting and remote SQL injection vulnerabilities.
9bccf8f7c5e08e2baf602e08cb0c1a1e04e78dad4bb5f371893e40e7a2a40d03