This Metasploit module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.
307b7adfa8d05c300b48db94ceb041a3ced231d646f14a788423d6874081b7c4
This Metasploit module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This Metasploit module uses an authentication bypass vulnerability to upload and execute a file.
8483dda079be04a44863b410b51eecbb3374b00177e8c973282a9974a2918555
Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues.
a667ecae12bef1ca764da84656ce5d402feb400df56dbf141eca769b9ea9f54e
Samsung Kies version 2.5.0.12114_1 suffers from a buffer overflow vulnerability.
ba64ccf75ec04e06017109e58437056a7a1dbd3ba88cbccb70812d4d1fcc3311
Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.
8252388141e7acdab8a3ad358488b4c7928f6202ea3ddb4ef3a0897770e81079
Websitebaker add-on Concert Calendar version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
08f398cedb0b208dc2348c5f4b971fa4c1f1f8a17d18a0ccc2f9741ea6710a5b
Inmatrix Ltd. Zoom Player version 8.5 memory corruption and arbitrary code execution exploit that leverages a crafted JPEG file.
e93c531005e5c45acf7db63cf82c525cc84d2dc9abe53bbded611012472ddc3f
WeBid version 1.0.6 suffers from a remote SQL injection vulnerability.
ef41b2d6bc97d34ca048f725d9b129c4675df101d0c695328fc8a1ead4856ed3
Free Blog version 1.0 suffers from remote shell upload and arbitrary file deletion vulnerabilities.
046160c2bebcad5524fa1b471bdd14084971b0c1484eb63472002891c5138a53
Watson Management Console version 4.11.2.G suffers from a directory traversal vulnerability.
cd68cebca871fa857fd92a06863d08fe109c6863e7c6ae3cb2dcf499712269e4
Exploit for Colloquy versions 1.3.5 and 1.3.6 that triggers a denial of service condition.
4636db7755d6aeed2ca9f21829f1a721a8ce8c1a886f99cc24ff2e213292c663
Joomla Incapsula component versions 1.4.6_b and below suffer from a reflective cross site scripting vulnerability.
c5607c9cd5809d111ccf666b897697c5865f1a7009fc745dd22e6f522013f58f
This Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.
abf55a041edebfc9c10a71c63250d53ebae7935806c4ab38d15c7743ef4a47b2
This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on a accessible IP and Wordpress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.
d86ee12abd38355eaa0ede874337844297f09019b89cae1d861c414675387207
Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.
c464b8149b11c22b146cd1282f4bc0fb07c6fa07603793bf344a5c29515c7e5f
MotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.
50ef5f1a3f0f908dddc8abdea740939f5d9baf76b7b62233a900f21d57fdd029
Joomla JEvents component version 1.5.0 suffers from a remote SQL injection vulnerability.
f73ecc331c5f2a72a9a9d7a40c3985adb1997944ebf0d29c9f417a53c84b9f1e
Sites designed by Saggitarius suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
0ce97df760e60c7cca115361adb9c40dc4b35138903d91d2d8595981f11d078f
ProjektB CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4998020a38d8d94d01f56166bc6ccd988a51688158596a9e158984017670376a
XML Sitemap Generator for WordPress versions 3.2.8 and below suffers from a remote PHP code injection vulnerability.
392e6bee500cdf72349e1e6a1fa71c23a6256f393a3c9c89859bb4d62cc50e32
Ettercap versions 0.7.5.1, 0.7.5, and 0.7.4 and below suffer from a stack overflow vulnerability. Version 0.7.4.1 is not affected.
441cfdeb1206f31b83110efd5e60a48cc510f71789d13efdc3787ca345080ca6
The Foxit Reader plugin for Firefox suffers from an overly long query string remote stack buffer overflow vulnerability in npFoxitReaderPlugin.dll. Versions 5.4.4.1128 and below are affected.
6a542e992542383195aaa18e60759b3a2bfb1211b67ab8744bdec617dbce8df3
The LoginActivity of the Facebook for Android application has an improper intent handling flaw that allows for malicious Android applications to perform private file theft. Version 1.8.2 was released to address this vulnerability.
bfd6840f9cf9dfaa8007ee516aa404c4986914448f276af4a47c918238fb498d
Symbolic links can be used for spoofing Content-Type of local files and this enables malicious Android applications the ability to steal Chrome's cookie file. Version 18.0.1025308 was released to address this vulnerability.
20dd3d870f049909a9ad1c797062381c1dafee9065f6baad9f3348dc65d0e398
Chrome for Android's Same-Origin Policy for local files (file: URI) can be bypassed by using symbolic links. It results in theft of Chrome's private files by malicious Android applications. Version 18.0.1025308 was released to address this vulnerability.
31b4f82055384f1f95a84986da35e99a7077219bca1316b3a7026760d9c6556a