Matrix42 Service Store version 5.3 SP3 suffers from a cross site scripting vulnerability.
d431e07e2090b3ecb928537ec9c68ab0d5ece0d754b16cb65ebe58d7828b3216
Freefloat FTP Server is prone to an overflow condition. It fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted 'USER' command, a remote attacker can potentially have an unspecified impact.
9b812ca885b40a06ed5af29596e9d126320a1646dbcbe6be64b5c81887642462
Oracle WebCenter Sites Satellite Server versions 7.6.0 Patch1, 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 suffer from HTTP header injection and cache poisoning vulnerabilities.
b211d5ba79c2e4506fc8c437bbb356031d7bc5df5b5dceb6705801d00369973b
KrisonAV CMS version 3.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
67fef60fe75255a54bdaa421e598033b564c3cd7f9a2ddc60ad14b24dcb74af4
The Java ActiveX control in Java Web Start Launcher suffers from a memory corruption vulnerability.
bda67853310f31100eb0d7eabe5f41ccba0af48ed6d9d0588dbc627b879ca5c2
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be abused to bypass existing authentication mechanisms.
f2ecdb133a910caba3fe823da7e97c6b19b3cd08e31d2581b74733a09d7fc2c9
ZPanel suffers from a remote PHP code execution vulnerability.
cb33afd179e83c86b0ed86861357632fc5c668bcaac89201cd95e4351ee00eaf
Sosci Survey versions prior to 2.3.04a suffer from authorization issues, cross site scripting, and remote command execution vulnerabilities.
2688b19fa954cb3f1486c7c46ca8d36690ad27229d60a36c584a5f2d3a45c7aa
Ruby Gem md2pdf suffers from a remote command injection vulnerability.
961566ce1e369fe89fe75f7891fe11b15c66c71e0cc7df7e1c118806ee180d04
phpVMS Virtual Airline Administration versions 2.1.934 and 2.1.935 suffer from a remote SQL injection vulnerability.
282bd37492867359700c3d9ed98a2554d15a27fab949a2e40a1ca0baa6ea24d0
CMSLogik version 1.2.1 remote shell upload exploit that leverages upload_file_ajax().
388dfda9e5c2864733fb1f35877311c346de30bf143c65b9a736d9621df80c12
CMSLogik version 1.2.1 suffers from multiple persistent cross site scripting vulnerabilities.
0d689e042dfbcc06d7598ea63bfdfc89986778efbd29a42b5b292eb8d35e93cc
CMSLogik version 1.2.1 suffers from a user enumeration weakness.
e2341029bd4b0b4be62556695943838129160100fef2bcf39d008c3fc5e97008
MinaliC webserver version 2.0.0 suffers from a buffer overflow vulnerability.
0368ebe30258a7e6df0bdfd9d65bf94b7d08b537ae3d922547fa707b52bad52c
Vanilla Forums Van2Shout plugin version 1.0.51 suffers from a cross site request forgery vulnerability.
173c0d11460527835e68325e42e00b9fd39bc5fa0ad7310af48fc30fd202963b
Todoo Forum version 2.0 suffers from remote SQL injection and cross site scripting vulnerabilities.
a11346eea696bb6663bfb860910f35574ec0f7b413d886b7e815a47c0c3bc4d3
CMS Dotclear version 2.4.4 suffers from cross site scripting and content spoofing vulnerabilities.
625cc001772f2b42ce6045d05996c1d2b54a79d66309e300357424fc1b5ada2f
Free Monthly Websites version 2.0 suffers from a remote administrator password change vulnerability.
5aecf00d7ce6e1785cc4193913734940a6131a87063ea8e2853b2b31cca91f21
The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option, dont_blame_nrpe, which enables command-line arguments to be provided to remote plugins. When this option is enabled, even though NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.
f33086fbee9f7124aeac1e79a41679cd8f0bbbf1e8197cf0cad44c79bd7aa876
Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability.
dd1b24534bc513df316ed360fb139f228b8988566fe55fe24f004ec934cc9308
ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.
1ad9d4b2dbdf42d96561ba07e7956a32432227a3ff63dc81f94e3ce9afd25f47
Some DLink Routers are vulnerable to OS command injection in the web interface. On DIR-645 versions prior to 1.03, authentication isn't needed to exploit it. On version 1.03, authentication is needed in order to trigger the vulnerability, which has been definitively fixed in version 1.04. Other DLink products, like DIR-300 rev B and DIR-600, are also affected by this vulnerability. Not every device includes wget, which we need for deploying our payload. On such devices you could use the cmd generic payload and try to start telnetd or execute other commands. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module has been tested successfully on DIR-645 prior to 1.03, where authentication isn't needed in order to exploit the vulnerability.
f2ceeefd8dbcad542f7e425fc2a4629e678ed768c94c49906f4e9341a1042096
WordPress Spider Video Player third party plugin version 2.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
0aa8bf2204ceb54e7de1eedadf4a7ae0f5b8de03743913c9e5d4ed5787982ea7
BigAnt Server version 2.97 DDNF username buffer overflow exploit with DEP and ASLR bypass. Binds a shell to port 4444.
b114dd8d646dddbf65d73b849faaedfb56e723603110598c6f7794f930cfb69f
Some Linksys Routers are vulnerable to an authenticated OS command injection in the web interface. Default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration during exploitation, even though it tries to restore previous values.
842e633a501f723e29c147350b0f672da78b474050f74be28f55d1501d673b3c