Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities.
0b8140e53c7c0f1f92e8675c79e10a58397a4335cc65b525b3ae336d8c75f408
AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. This issue is addressed in later versions.
a58ccee98e2766a83b2334654aae4e4bd323c91cb8f725358879fb1018be8100
This is an SQL Injection proof of concept that will display information about the vBulletin software and the admin details from the database. It can be adjusted to read any part of the database.
31b6c134bd12e2c8a3b7dce76200bcb7e83f26adecf9774a722a58a1aa24bab1
This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in ngx_http_parse_chunked() by supplying an overly long hex value as the chunked block size. This value is later used when determining the number of bytes to read into a stack buffer, which makes the overflow possible.
5caa8725f0b0e52002e2804749d851584f474a1d0b411c2a827865afd2da031c
This Metasploit module exploits a vulnerability in the Adobe Reader X sandbox. The vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe process to write registry values which can be used to trigger a buffer overflow in the AdobeCollabSync component, allowing a Low Integrity AcroRd32.exe process to gain Medium Integrity Level privileges. This Metasploit module has been tested successfully on Adobe Reader X 10.1.4 on Windows 7 SP1.
362b070d8c1cff7e3047e6ccc9833c6d39410fbd8d44ca7e08e17d15068ff919
Weyal CMS suffers from a remote SQL injection vulnerability. Note that this finding has site-specific information.
83692401cd0bb507fa938e88a9e9e351a2a29d0810f21072c7eef4a2e38bdc33
Spider Event Calendar version 1.3.0 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
e1280c273978d2943c741ebee56c227367b4ac94ad923128afa07f35b1146ed6
Spider Catalog version 1.4.6 is a WordPress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
37e63ff3e32d65df162db6c051518d4a1fcd556135bdae06ee5a5a69e189c813
The WordPress Flagallery-skins plugin suffers from an SQL injection vulnerability. Note that this advisory has site-specific information.
8e7321e57a191458bb0488828e864521503137f0590d73239395524588a9079f
Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.
0500e2f1f7402ade9a36fb3bbcdf907836374db397c71ed558baeaefcc940edc
Ophcrack version 3.5.0 suffers from a stack-based buffer overflow vulnerability that leads to local code execution.
85e4c42a672fe0a884bdf1e279ba0680a6f49152f227aadb304bf714bbb09e86
Some Linksys routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module has been tested on a Linksys WRT160n version 2 - firmware version v2.0.03. A ping command against a controlled system could be used for testing purposes. The exploit uses the tftp client from the device to stage native payloads from the command injection.
f9f09e58e33c3c7939cc2ed16b2c26b3cc52e2b7e29498141ef9d035fec7d9f7
A local code execution vulnerability has been detected in the official PlayStation 3 v4.31 firmware. The vulnerability allows local attackers to inject and execute code out of the vulnerable PlayStation 3 menu main web context.
0fd5bb46569459ce46c5312e622c6ab26a6e991cedaa4c04f931ae9f2b8e725c
Trend Micro DirectPass 1.5.0.1060 suffers from local command/path injection, persistent code injection, and denial of service vulnerabilities.
0bd4cb7f71fd9f6ce6c2774f8d033e3486c4b9de01400c5a1430a846c73e58c3
Swaparoo - Windows backdoor method for Windows Vista/7/8. This code sneaks a backdoor command shell in place of the Sticky Keys prompt or the Utilman assistant at the login screen.
a8cd0e00d51d3b5913e9d7c69e14520295b34ecc124cbe73c93f101a16b0bc53
WordPress ProPlayer Plugin version 4.7.9.1 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
cc97f9fb24702b00b0d44275e740d8353c7449cd7d2b62180d8d38729de371eb
Some D-Link routers are vulnerable to an authenticated OS command injection on their web interface, where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. This Metasploit module was tested against a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a controlled system could be used for testing purposes. The exploit uses the wget client from the device to convert the command injection into an arbitrary payload execution.
aad8c5ca69c9c88e6afefcbe2b486142c3227a0b49c91b9a4e140ec39830afb7
Moxiecode Image Manager (MCImageManager) versions 3.1.5 and below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE.
fd409e0d8cd4de78eff2f6ed557b4a1f24ec4438e3f2e3e0eb5a1b05640107ce
Local root exploit for Glibc versions 2.11.3 and 2.12.x utilizing LD_AUDIT libmemusage.so.
dbe0977154f9ed4331b96211af365a5ddd2b1de1c5253179073a44cea5e541e3
Moxiecode File Manager (MCFileManager) versions 3.1.5 and below suffer from a remote shell upload vulnerability. Moxiecode is a commercial plugin for TinyMCE.
d69aae839dcc779cfba73a5bfb9cc79a717869c8399e3bd4c4f76e7dab581afe
Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability.
545ee012c3d75d1d38d47e527a614966ce9593fd109eb03f37bdf8105f5b48b0
This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root privileges. To exploit the vulnerability, a valid user (any role) in the web frontend is required. The module has been tested successfully on the Mutiny 5.0-1.07 appliance.
01d6456aa6f66c843f950a3e95e6b90c8d0c5ec0cde800f6939a9ede83195de8
This Metasploit module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell.
4e828bd76fd9d92b7193f91ff6cdf47c21ab888c351730fc0b672b1bdfa5d5fb
Exponent CMS version 2.2.0 beta 3 suffers from local file inclusion and remote SQL injection vulnerabilities.
c66432c06b6aeb8a14da0a5432997dffbde3bde7c22f8d34fad4191d2231131f
Quick Search version 1.1.0.189 suffers from a buffer overflow vulnerability.
14d59285c5ed109c4f6adeede8aa3624a3d43932eb94e78755c80a7b5a59e49d