PHPvocabtionary suffers from a PHP code injection vulnerability.
35815077f57e1f2a0c402c5aa47bd660a80be4e101ed5ce9aa820d993b33b171
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed, but a reference is kept on the Document and used again during rendering, an invalid memory that's controllable is used, and allows arbitrary code execution under the context of the user. Please note: This vulnerability has been exploited in the wild on 2013 May, in the compromise of the Department of Labor (DoL) Website.
723999396b06b95680fb759bf7a793de8245f41f4c76b136b6109a09e4954141
D-Link DSL-320B suffers from persistent cross site scripting and multiple authentication bypass bypass vulnerabilities.
39f8eb0877b4a1479fcf473272af42277ef75ed9a0c42219a8756b0d491a8ad4
Michal Zalewski put together a really amusing asteroids proof of concept to demonstrate how a modified version of the javascript ":visited" attack can be leveraged based on visibility. Proof of concept js included.
0c1b7330caf6f1622bcdfe153cd13fde591641b80ff7a9881a550469301c5a39
The Huawei AR1220 SNMPv3 service suffers from multiple buffer overflow vulnerabilities. Proof of concept code included.
a2461e3befdfb50515c11ca9595e07480247ee2c8f41a08738dc3a72c2c19311
Webid version 1.0.6 suffers from local file disclosure and remote SQL injection vulnerabilities.
18d44295209f490ad81cc1f5e3e8e12c5e0835f2ffdca7b29f8ebc0733e53a86
GetSimpleCMS version 3.2.1 suffers from a persistent cross site scripting vulnerability.
c104417689e0929e94e0ffb8bc8dcf34adf9b7f88d9438da13fcb5b0af45065d
GetSimpleCMS version 3.2.1 suffers from a remote arbitrary file upload vulnerability due to not using whitelisting.
6e6a12193bbda8bbf5d3e8f79bc113751942309e56cc2e70e3ea96dc597d99f5
JW Player and JW Player Pro versions prior to 5.10.2393 suffer from a cross site scripting vulnerability.
3245ddea3643dcef93da43abf81563693bdd734be6dea6a9c28c227473275b39
VideoJS suffers from a cross site scripting vulnerability.
139174ef78c5cd7005b493eea97a84315c36e8d0deb9be083d494629a3bc8d5d
MyBB Games suffers from a cross site scripting vulnerability.
4587a32c6a64a7513957760fbd359aa4690e411b2d53bfdc353478481de946cf
Microsoft Security Essentials versions prior to 4.2 have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account.
630839495c69bb80d036def90337a0a1056ac7d933a99a4be17cb22ed523c8b4
This Metasploit module exploits a buffer overflow in Audio Code 0.8.18. The vulnerability occurs when adding an .m3u, allowing arbitrary code execution with the privileges of the user running AudioCoder. This Metasploit module has been tested successfully on AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1.
11e93e7aa31d0230bae1786bd7beb805bafd2f8f17ea750760363ad97854f84a
DVD X Player versions 5.5.37 Pro and Standard structured exception handler (SEH) buffer overflow exploit that pops calc.exe.
342a8ca8722652cb76fe697c08c7e930f1d9c84489cf62ad64084e6bf95abdc7
Winarchiver version 3.2 structured exception handler buffer overflow exploit that binds a shell to port 4444.
e03c150650d0c093092de920a5d5778e57636907dea5df9c2351fec4f6e3d06d
FuzeZip version 1.0.0.131625 structured exception handler buffer overflow exploit that binds a shell to port 4444.
16af598a8a9110ba118802425d3aee66e98d1676f712385eb4834b602a3e7d53
Speck CMS suffers from multiple remote SQL injection vulnerabilities. The latest framework as of 05/02/2013 is affected.
af0c4fd03471abd25cd0417d9aac71d0df6693743f31e36f97bba17515c094f7
During a penetration test a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common use case for the Dovecot IMAP and POP3 server is the use of Dovecot as a local delivery agent for Exim. The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability in Exim.
3025b7b604291903b2d800d82014d424dcaadbb269d1a91c5be2394530f8e8c8
WordPress Advanced XML Reader plugin version 0.3.4 suffers from a XXE (XML eXternal Entity) injection vulnerability.
8f00f9b3232481b2651bd135bbb4cc1f273adbf09d9d0da522f46d08d53f898b
D-Link DNS-323 suffers from remote arbitrary file upload, directory traversal, and command execution vulnerabilities.
73e321a17a925589691872d4a616ae300aabc4641e22fad215bbb2024c010d77
Beat Websites version 1.5 suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
714331b1b42de4cf2cee24fb227a4e19dde980c09f152c2ef53bc58c1d6e51a6
b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities.
a5ab5b7104a53bbb94e8b06e61c86f560a088dd4b5a5a927911191693b7c5615
sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.
fd5de3c224057c2badb29c86b2ccb0d9023bebf0836e30f5d1c043a51ada25c8
eggBlog suffers from a remote shell upload vulnerability.
5c8c12f9ba011e1d9b900652719ed84c53d2e512020dfa87080f173d8e6f0587
The Fortinet FortiClient VPN client on all available platforms suffers from a certificate validation vulnerability which allows an attacker to successfully run a man-in-the-middle attack and to steal the credentials of the user.
c9eab5520d3748247b19a71073dbe3eae001373c7bb79efe6b038b7a23417fc3