TRENDnet TE100-P1U with print server firmware 4.11 suffers from an authentication bypass vulnerability that allows reset to factory settings or IP address change.
b7ef6475979c2c1961911c4513a6c54bf0f40d588de215f5dc1a34f2f4ef99d6
The CyberKendra Search Bar script suffered from a cross site scripting vulnerability.
4a5361a17f69d745e0fb5aa52190ed508bceb7f198b3fd490a70d9e77ed8a4eb
Sami FTP server version 2.0.1 RETR denial of service exploit.
06d2037acbf61940eff3c2edc3b7de8a6750c62bc7165b179dd58aca0df3784b
Remote root exploit for all Seowonintech devices.
595a7decdc3f52417856da361543526dde0357dd9c1d41fd0828e62432f3bfa8
PEiD version 0.95 memory corruption proof of concept exploitation details.
d53ea6b79606c299c81e860d64d534a6a783b267cc16bf3fda88ca1114fd92d5
FreeBSD 9.0+ privilege escalation exploit that leverages the mmap vulnerability.
a973c83e5edcbbb9daa0f1ee93d7602a34fc84b380f80b2f787c0b16ff88417a
aSc Timetables 2013 suffers from a stack-based buffer overflow vulnerability.
456f8e6a3244e971ad39ce281111d3f8cbb2a46cb66c2ae86b5dc1c3ed95dbb5
Mozilla Firefox browser version 21.0 suffers from a remote denial of service vulnerability when a loop is leveraged against document.write(document.body.innerHTML).
bc819cf7a43da917d125d0cfc0031789e76ca7137c00956f52a39dea1dcda135
This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM. Please note: In order for the exploit to work, the victim must enable the 'tftp' command, which is the case by default for systems such as Windows XP, 2003, etc.
6266db27926cf39ef3e09f70d6ca685c96436473d8a501cfbd635527cd54d34c
This Metasploit module exploits a file upload vulnerability found in LibrettoCMS 1.1.7, and possibly prior. Attackers bypass the file extension check and abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
30ecd42376c5e4bb7dd7923719eb84398fa5da45f31326b369732ac687c9d496
Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776
Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.
07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532
Google Translate suffers from a cross site request forgery vulnerability.
12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625
Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.
bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9b
MediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.
9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032
Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.
88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52e
The Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.
a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267
Prestige Software CMS suffers from a local file disclosure vulnerability.
a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9
This Metasploit module exploits a file upload vulnerability found in Havalite CMS version 1.1.7. Prior versions are possibly affected. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
caf2d6ad9662842ffd45e96d09bc069561d43e22364b1adc6736d0aee2a8406c
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.
d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9
FreeBSD versions 9.0 and 9.1 mmap/ptrace privilege escalation exploit that leverages the issue described in FreeBSD-SA-13:06.
33ab3cd2db81ca119a894609c3cbec29fc118789f6df44a99945d5cda231b71c
GLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access.
8c549c03c6d7b7e06618844943413d35622dfba90639b3c6ac5e75b5a16e3a25
This exploits performs privilege escalation leveraging the mmap vulnerability in FreeBSD 9.1 as described in FreeBSD-SA-13:06.
f4335d5441b706cb24ce9fb6b71366091edddbb0838d83d2cd1b69a4edab8fdf
TP-Link Print Server version TL PS110U suffers from a sensitive information enumeration vulnerability.
d9a49fe63d706d493bab0eca559b24f7343fd3b17429368055b9144c891c110d
Mod_security suffered from a cross site scripting filter bypass vulnerability.
f2125bb4ab7692426d1789ea62aa804f599421f07fed6bc8474c3e45d715a2d3