On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This Metasploit module compiles a Linux shared object file, uploads it to the target host via the UPDATE pg_largeobject method of binary injection, and creates a UDF (user defined function) from that shared object. Because the payload is run as the shared object's constructor, it does not need to conform to specific Postgres API versions.
c51dddadd2b2d88c86fc65284de0c6ecc7a31786c8b947b7ba7c753e87036e3f
PayPal Community Forums suffered from an open redirection vulnerability.
da62009cdea92dc82ba2895b0dd479190833d31a9304a4504e58806e3949fef4
PayPal suffered from a persistent cross site scripting vulnerability.
e3a53bf9a3cb0081fa271e9eece1789f2586fde29ba667218e8a35540c8d0a25
MyBB Social Sites plugin version 0.2.2 suffers from a cross site scripting vulnerability.
a0e24edd3dd9a51028135bcd60e969fabcbfbbeab5e7a36e267ae93717f7cc90
OpenDocMan version 1.2.6.2 suffers from remote SQL injection and multiple access bypass vulnerabilities.
b865110065c53e1f31eed37d7378c899a40f17fdecd48dbbcec488cf1491d1be
Addressbook versions 8.1.24.1 and 8.2.5 suffer from a cross site scripting vulnerability in Group Name.
20aebf2bfe9b011017e46733e1177c025ebc2f405f02f295a97fb67315a1919d
MyBB Facebook Profile plugin version 2.4 suffers from a persistent cross site scripting vulnerability.
b596494df8015a26ec8281a40e0e59804e68ace1412db001cdfc5f9f92f4775e
MyBB MyYoutube plugin version 1.0 suffers from a remote SQL injection vulnerability.
96237158a6461e3346db891e94efe14ff8eaa4cfef063fddd459847dee10f323
Cisco Wireless Lan Controller version 7.2.110.0 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
7f735255a4061458df999f6cd3debd65949064ebec7a5945f03af105fd41ea9f
MyBB DyMy User Agent plugin suffers from a remote SQL injection vulnerability.
a8a2eb2944aa5dcefd861c252a254b4563f92ce0c1586963e669bcfbf992580d
Centreon versions 2.3.3 through 2.3.9-4 menuXML.php remote blind SQL injection exploit.
d04b644c764a41f28eca2c71a041e69645a678273c302fafa28bfe8fac2f9c4a
WordPress portable-phpMyAdmin plugin version 1.3.0 fails to validate the existing session allowing a user to navigate directly to the interface.
635ba61336555a6ec94b472a5ccf980487338b18f6471804097b5b53d1873419
Novell File Reporter agent XML parsing remote code execution exploit.
d97019b8d30cf82a531d15b67988c264ae384da68ddc63da71ca44d3e9fc1cd0
The MyBB TipsOfTheDay plugin version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
3f3e2279dc77a79ff331918ccf4d8bac17b1fe7e1b582d104f49f4bc4a6e401b
OracleBI Discoverer version 10.1.2.48.18 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
c58ffd83bc1d7695546e8dcb6e1cb866aa14898088f3a34b7212334f210fd971
This Metasploit module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an insecure way with the username. A successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.
5f48e6eddcdea7f49b54140b15408fdea2d0b9f566799a073770127a3896e0b8
Axway suffers from a directory traversal vulnerability.
04f8c9608f7b081b5b9f36da218554d16571200bee8fe3757da362b47b6ab9b5
A security vulnerability in Internet Explorer, versions 6 through 10, allows your mouse cursor to be tracked anywhere on the screen, even if the Internet Explorer window is inactive, unfocused or minimized. The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads.
9620aa1b047f609f033a379bbdd5599317f9e375d596dca4ac5843568aa76fa3
MyBB Profile Blogs plugin version 1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
99365166b379b24a1e62bdad682fab348042ecd9020dad7c86223aa0e2485bea
IrfanView version 4.33 suffers from a code execution vulnerability in IMXCF.DLL.
0a1f142ba76135c7bcf860c32266bf1a855ad2cd191192fcf8ec2176558f0b9c
MyBB Bank v3 plugin suffers from a remote SQL injection vulnerability.
8b7b4808b066772f9bf0187917fb4d6afe4c2c05f6c110e936183f8394da4506
Smartphone Pentest Framework (SPF) versions 0.1.3 and 0.1.4 suffer from an OS command injection vulnerability.
906c7eea1fe12f12b9b25999c7595434ecd7575528a011fedfc47fad23b37053
Joomla Jooproperty component version 1.13.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
ecb0bb0f7042b4fec4ad2c830d6701de883a1b4f5539f0e112f83b938f85f6b0
SimpleInvoices version 2011.1 suffers from multiple cross site scripting vulnerabilities.
3ecfc994ac4e984591a3608e192e99266ae5c16efedfadf34bdef7ec941368bb
Snare for Linux suffers from a cross site scripting vulnerability via log injection. All versions prior to 1.7.0 are vulnerable.
d22ada759dcbc1d17dafab44a19f943b1bb0c438c37fb13503433ad75f387109