Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely.
b21afb51938c4e491625c88dec36626c10a2f58c611fc3dcdcfd45693ccba644
phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability.
373323d449040d80cf19a424efb57660421ebce6af076a5b804b8d44f7724af3
ZAPms version 1.41 suffers from a remote SQL injection vulnerability.
fdbb3c9ac475faabb959b176c865bb90290f7c1e94579706c71fa54561f748d7
This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.
fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Sysax Multi Server version 6.10 suffers from an SSH denial of service vulnerability.
50cbbd9b67f7808e61c6265a8082071e7d09c673279aac4a56165ac92bd9fc96
WordPress Spiffy XSPF Player third party plugin version 0.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a3597f51aeac54bbb4fee719e49631114cfa5a22f8b62d1e4785cfcd18eedb2c
Nitro Pro 8 suffers from a DLL hijacking vulnerability.
9753d7aab5dd59f1810174c7d04bad14e635ca6845ccfad19131f10367dfb005
Foscam versions FI8910W and FI8908W with embedded web interface version 2.4.10.3 suffer from multiple cross site request forgery vulnerabilities.
faa635543909b521a4f2185e437bb1f582d530fa5bbfe5788f9e98319cfa8d99
ZeroClipboard.swf as included with multiple themes in WordPress suffers from cross site scripting and path disclosure vulnerabilities.
ccfe1281dfc6e4e26e5a0d6d1b3b97070667132a8dc4e5c06f901a7d32b12f8c
MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.
a57a2db6fe50d9e301599498e605af858c7f62b49d0e6f59f1d1c1a196cf857a
D-Link devices DIR-600 / DIR-300 revB / DIR-815 / DIR-645 / DIR-412 / DIR-456 / DIR-110 all suffer from a remote command injection vulnerability.
17eb6a8037069b38384464fb6033053265e37d9e03348a06ffc828a643e35041
EasyPHP Webserver suffers from a remote shell injection vulnerability.
8023e28ae85a6fa58ded8c8f3b1d3e28c39c30d6050dc359007394c1db06a0b3
WordPress Traffic Analyzer third-party plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
8849e30d2762c019ed41393a39f69eef8ad290bbe9f2061b55bfe6e22bd914e8
The Aastra 6753i IP Telephone suffers from a hardcoded telnetd administrative password.
62d1199d353ae991c9baaa62acd28e5797451f8295d39267e3a0f2c29067e7fb
Vanilla Forums versions 2.0.18.4 and below suffer from a remote SQL injection vulnerability.
8bfc7b93915d3d494f30a5acbd234606f92c7e181f68dccfb98c4ebdb77e55da
HexChat version 2.9.4 suffers from a buffer overflow vulnerability.
14b5088f5a0dd9d83df5f162592dcf460932c2148bb0e62536dda4e9f6170c19
The OTRS FAQ module suffers from a cross site scripting vulnerability.
22e42064ae8575aeb1a04d081c859fbf0209078c9e5d23d0a639b2d588b15791
Belkin Wemo versions prior to WeMo_US_2.00.2176.PVT suffer from an arbitrary firmware upload vulnerability.
87ce1b406dd2592abb929c4664b6ec19f436813a9c618655fd04efa8165bac9d
HP System Management Homepage versions 7.1.2 and below include a setuid root smhstart which is vulnerable to a local buffer overflow in the SSL_SHARE_BASE_DIR env variable.
357a44bede2c2741756ca4862ede64872c7d755406c54c4a9748b5b8c68b77ef
TP-Link TD-8817 with firmware version 6.0.1 Build 111128 Release 26763 suffers from a cross site request forgery vulnerability.
75cfe0072867dc13dbeaaa17dc56bfdaf0deec508cea718365799d632ef06968
TinyWebGallery versions 1.8.9 and below suffer from multiple path disclosure vulnerabilities.
b7a8054330b47b3e9644442f4d4c78ae2ff6042ef2b98e0a68dec801067b434e
CPU consumption denial of service exploit for Easy FTP Server version 1.7.0.2 that triggers the condition by sending a POST request with an empty body. Written in AutoIT.
5444040cb0c0fc5ebba94c6715a808fd92aca58033ee9f78ebbb2646a8c9747e
Groovy Media Player version 3.2.0 suffers from a buffer overflow vulnerability.
154fba6d11b45be152dff83491133c68afd025c1107e9ca14a9bf8a9782ae56b
Censorship Professional version 4 2.1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
eca09f06d856a2acf71f66a9d6bcb8247e827537969b963b1cad45744838ac15
Radio CMS version 2.2 suffers from a remote SQL injection vulnerability.
02c24c7ecb1e5eceba6a2e68fc15744da7ea2221c2ce96e58ff37befd3a20ed9