Nagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.
e554055ae18cd9fe6bcd14421d423114eca4f1e47b88e319df4e7a81bb4acf86
The Samsung Galaxy S3 with Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.
f859a2a4bfd30be0e55663fe5c258853b5ad3a563064a6354107e8e25a8fc7cc
Skype Community suffers from a mail encoding vulnerability that allows for cross site scripting.
f875298ab79c2bac8df467b2c5020347cac0994efeb657b8bd749495b90c5e33
PHPMyGallery versions 1.51.010 and below suffer from cross site scripting and local file disclosure vulnerabilities.
20d47589fda76b6266aba44c1e813c04372ac15ad0236197863aa8da862bb577
Web Cookbook suffers from file disclosure and remote SQL injection vulnerabilities.
190be9195cee32cae8fedc09d268ca560d5320e5f2cff88ab751a247c7d6146b
OpenEMR version 4.1.1 suffers from a cross site scripting vulnerability.
2794e272098c49fab5ad0608f9d0bb8abb46fa3cfb850da04587f0f744cfa619
EasyWebScripts eBay Clone Script suffers from remote SQL injection and CRLF injection vulnerabilities.
b043a94f844af4460c90d1bbb5fd0e0f1838373d2498784f9ce3b6c6d0231de2
Alt-N MDaemon version 13.0.3 WorldClient and WebAdmin applications suffer from a cross site request forgery vulnerability.
7254dc66cd6fba6e9a6eb7e9d46b3ad55c8a16813b7770255f61f633561438bb
WordPress Pretty Link plugin version 1.6.3 suffers from a cross site scripting vulnerability.
0bd94f72723b7408dcb28b0101289332e56f5ec23c7de0a8015324251cd66bfc
The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.
92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883
Alt-N MDaemon version 13.0.3 suffers from a cross site scripting vulnerability in the email body due to a lack of sanitization.
7325b220864d0b6ff380a077b29aa8c7293ee9eaa3cbb5bbf03f8dd6edefd13d
The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a username enumeration vulnerability based on responses provided.
88ffc39eb1145981a8577ef2cd3a701922e79b7e248031243a1d54728446a564
The Alt-N MDaemon version 13.0.3 WebAdmin application suffers from a remote code execution vulnerability via the user account import facility.
b1e0f846c97665c28984ae715b8e4178e351676b7e1aef82d5ac59c0302500d2
The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a credential disclosure vulnerability. This is possible because the application replies to a request with a response that contains the credentials in an encoded (reversible) format.
5e526cfd34acc8dc5cebe4e940c88c797073c12adce735bb8dc9adf90132aebf
glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
6306b577c5a62df9e36abe88ce8b0307d8747c5119f8cf35f07026923b542faa
phpMyRecipes version 1.2.2 remote SQL injection exploit.
48cf9d477ec7a80c51ed5ab37dd272196f3a99397e30828b2d1164825dd48df9
RTTucson Quotations Database Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cdcaa384c92df2bf334a9b66417054e96b8f61a54b8d21f9c18d3692cc3dc645
Zenphoto version 1.4.4.1 suffers from a remote blind SQL injection vulnerability.
d966ea31e8b17b2b96cb9927385cb3b427eac99bb64c3cc081daaa582daaf212
This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF requests to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 over Windows XP SP3 and Windows 2003 SP2.
fd7a317c230213f8edc299a76b9d39aee9e244cbb2a205aa46a90b61823d7fee
This Metasploit module exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows unauthenticated file uploads through a DUPF command. Additionally, the filename option in the same command can be used to launch a directory traversal attack and achieve arbitrary file upload. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of BigAnt on Windows XP and 2003. It has been successfully tested on BigAnt Server 2.97 SP7 over Windows XP SP3 and 2003 SP2.
dc87880460e34e43169ec0e0613b958641d3dd6f47c0902d800d64b756f31d6e
This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.
09f5efca41c484db706376ef3dfea164467c56c4d486e5b9040b98c0af8c332a
Squirrelcart version 3.5.4 suffers from a reflective cross site scripting vulnerability.
a46543a8bb0ab278d3990bfe150c544ddc8dd309411ee1a9c232ac64cf315571
YAML, the MultiProject extension for Trac, the UserCollections extension for Piwigo, TAO, and the TableTools plugin for the DataTables plugin for jQuery are all affected by the cross site scripting issues discovered in ZeroClipboard, as they include the swf.
d81a83c614cfc84ec66ca68b939dab7074dc98d401693f0c5c6943182dcd0229
Kodak's Insite Creative Workflow System suffers from a remote SQL injection vulnerability.
dfd8885731a743f54a2b98717b42b9119da28cb80197e4c3bcd619044a40a31f
MyFi Wireless Disk version 1.2 suffers from cross site request forgery, local file inclusion, and remote command injection vulnerabilities.
6ed86f1279f3c02e7df43034482ff6bf89be0c4ffd9b21dc08e458c3678096fe