Rebus:list suffers from a remote SQL injection vulnerability.
The Joomla RSfiles component suffers from a remote SQL injection vulnerability.
WordPress Simply Poll third party plugin version 1.4.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Sami FTP server version 2.0.1 PUT command buffer overflow exploit with DEP bypass. Written in Python.
Scripteen FunPhoto Mix suffers from a cross site scripting vulnerability.
Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.
A simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.
The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.
DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY\SYSTEM privileges. Versions 6.2.0.106 and below are affected.
The Polycom Command Shell can be used to view and change several settings of the system. However, it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables, respectively, which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.
Some Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested on a box with the following features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).
WordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit and patching recommendations are provided.
Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.
Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.
A confirmed security vulnerability has been identified with 30 high traffic web sites owned by QuinStreet. The vendor stores database IDs in cookies which are easily spoofed (USERID_COOKIE), allowing all user information to be accessed.
nCircle IP360 version 7.0 discloses the LDAP password in cleartext in its HTML code.
ClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
Cisco Video Surveillance Operations Manager version 6.3.2 suffers from cross site scripting, access bypass, and local file inclusion vulnerabilities.
Open-Xchange version 6 suffers from cross site scripting, local file inclusion, HTTP header injection / response splitting, missing SSL enforcement, server-side request forgery, insecure password hashing, and file permission vulnerabilities.
Local root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.
Proof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.
Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.