Allembru Ad Manager version 3.0.2 suffers from a persistent cross site scripting vulnerability.
c17d6ba03ce68cb494b6af0d86c15683782964c178fa3803ff14b4d5f4ad75ab
Calendar Script Easy Membership Management Application version 1.2 suffers from a persistent cross site scripting vulnerability.
16f16c1618bc031526405b1143082ceb9cb684dba30f827742446c5badeaceb5
PHP Shop version 2.0 suffers from a remote SQL injection vulnerability.
bf2e314f6bee9de6279db4056fee862019967da75bdb7fcd33cb0af3c2bb5691
The Serva version 2.0.0 DNS server suffers from a QueryName remote denial of service vulnerability.
b5cbd744342ad1eecd6b836f545154e91f162a2f846c7f9001896942b50d5e8d
The Serva version 2.0.0 HTTP server suffers from a GET remote denial of service vulnerability.
001b100a5c4e82ff91b36a959ef4c456faa5256c9837bae79b525146f1d84dc1
Nibbleblog version 3.4 suffers from path disclosure and shell upload vulnerabilities.
4a9155a4b7e5e0064087bb554e20c312f71b9305a572fb44142bbcdc6c4fc503
The WordPress Daily Edition Mouss theme suffers from denial of service, abuse of functionality, cross site scripting, information disclosure, and remote shell upload vulnerabilities.
335a5efd918ad47de67d9346c79676913e0a6826499a0695731fbd09eb8af336
Microsoft Lync 2012 fails to properly sanitize user-supplied input, which can lead to remote code execution.
61de4ae8908966fb99a4402d4a1ab26569054da13bd2adc7681cdd71ec499425
WordPress Floating Tweets versions 1.0.1 and below suffer from cross site scripting, path disclosure, and directory traversal vulnerabilities.
66b5159581cff7c6e7158f2d4d68344064f524235219abbacb8b3267adfcbb35
Sites designed by Avalon IT Services suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9d932dd366e09440b53d0f41543fefd4da9996d67d8226c4a4eab660c2ee97b3
This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
4a0fb8aa0b393da39aa32b84a93368c9393fd500aac21eeb9e7f26dc757220b7
This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any Ruby code remotely in the context of the application. This Metasploit module has been tested across multiple versions of RoR 3.x and RoR 2.x. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.
d099a77a1ca32680eece9ad884f4cd0bf31f1df58198575de5142cf570a88342
Hero Framework version 3.76 suffers from multiple cross site scripting vulnerabilities.
4d0f44952295c2906ae21b003ed926cedf8f15614af2730d2fda474afa75b706
Internet Explorer 8 heap overflow exploit with ASLR and DEP bypass that spawns a bind shell on port 4444.
b570320daa4262220db4c1f58d4fed98a833192b202f58d2311bc5bdd9a38d0f
PHP Lite Admin versions 1.9.3 and below suffer from a PHP code injection vulnerability.
3a897b59d51cd8a739c4daecc9eaeca0a04ab42ea6f0efafd282a2f0a940c923
Orange HRM version 2.7.1 suffers from a persistent cross site scripting vulnerability.
43e75c2701bb946a7b775501f76bbaf709ace8b9e0a562b83aed7b1e8a943f25
SE46 from Cryptzone and Application Control from McAfee suffer from file handling issues that can allow for arbitrary binary execution.
efbcdf48625ce7bc7327f19051a636ea8f8e2c3089629f3de29c07c0d05ac2b9
WordPress Gallery plugin version 3.8.3 suffers from an arbitrary file read vulnerability.
53fde8d2df0a47c183ebedd6f9ebbfca383484d402ee8eb3004bbbacb87a7f2a
Prizm Content Connect version 5.1 suffers from a remote download and code execution vulnerability.
7ace198c0e8fe9862c5b068428b6d842af8fdfbe78822a19139d611c91c46320
BT HomeHub version 3.0b has a remote vulnerability that can yield an attacker a root shell. Exploit code included.
c0d6d59e32c4113bf59bfc7217f3e658aad028ac4978ba276e451a4c3b03f97b
The heise.de site suffers from a reflective cross site scripting vulnerability.
8fd7c85439a605e446c8c2cf6fd876c19e8cd23e97fc67b703b2472df1e97294
The uk.ask.com site suffers from a cross site scripting vulnerability.
d02dc9b5ecfddb689cf57fc6a9a5f0736bc0a3ddb1d2c85a32365d8bab49d534
The www.elitepartner.de site suffers from a REFERER-based cross site scripting vulnerability.
3a5739370ac00677e8ce70c188395bb7f6a1ccc2940c8c4135b13a056e87a498
Business Solutions CMS add administrator exploit that does not require authentication.
fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856
This Metasploit module exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with Honeywell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539b