Windu CMS version 2.2 suffers from a cross site request forgery vulnerability.
56a019a032958f9c270c1d504c29c57aa2108f118b9fc5f71f438a5c0d1abdf6
The Broadkam PJ871 DSL router does not authenticate password change requests. Broadkam is a knock-off Chinese vendor.
ee602bcc310237488f32e7419735e88a1ba71b6992ab9384e9e57fff4b69c756
WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.
c11bcdd0311e215255171e238d9b2a4a5c5cbb4a495aa33f118f1d414bc6792b
Windu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
983c1316e05ee3e68fccee8c5baa23d337d5c12ebe07bd048da47708da19351a
Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.
e1a57d6ef2d1f9af10faf583024ebba7968cc1b930a63061237944f7b16d7b8c
This is a whitepaper discussing arbitrary Java code execution leveraging the Java Debugging Wire Protocol (JDWP).
0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6d
Juniper JunOS version 9.x suffers from an HTML injection vulnerability that allows for cross site scripting attacks.
29ccd87908529598304cd583f8ee5922f7df5671abd5b2cd835597f7343deffd
Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
a1be6c25b484217301eba90ff838bc9a1af185b0119f02b1e6cacaea8446c25c
iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.
a5433fa7faac6fc77af274a37017e674b24332ffbee28a83a05ba18a5f260d4c
Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
92e6510e14c604e95a17cc5ed18c985111677ae10b2de17eea7ab41b69bcd495
FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.
f85ccf5bba6e094130c5c3c7cfc595eb7fdac76706f72e68601c8fb4212bc86d
vBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.
0a0648a15e33987faeadd862bc64fb7b7f3b30b7a5ca898b18da61ee8e8ce0d2
Core Security Technologies Advisory - Due to improper access restrictions, the FOSCAM FI8620 device allows a remote attacker to browse and access arbitrary files from the directories '/tmpfs/' and '/log/' without requiring authentication. This could allow disclosure of access credentials and more.
adaec8a2f891fe9f46be77e8f4377c1af9e6f99fbc5b6ffa63687d17c42b396c
Different D-Link routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the CMD target. Additionally, two targets are included: one to start a telnetd service and establish a session over it, and one to deploy a native mipsel payload. This Metasploit module has been tested successfully on DIR-300, DIR-600, DIR-645, DIR-845 and DIR-865. According to the vulnerability discoverer, more D-Link devices may be affected.
01d435ac6d062114f47621077e0eb7f0d7eaf8b4b14cc6838696243a3e34377f
This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier).
c5c9607b201bbed12138b9c01832cadc3f0585df9c929779954f3b1deff22316
This Metasploit module exploits a code execution flaw in VMware vCenter Chargeback Manager, where the ImageUploadServlet servlet allows unauthenticated file upload. The files are uploaded to the /cbmui/images/ web path, where JSP code execution is allowed. The module has been tested successfully on VMware vCenter Chargeback Manager 2.0.1 on Windows 2003 SP2.
b08962941512b5b8079fa8c0192f78e7fa07e4194e7eadc4c084e0b8ccd390a5
The DMCRUIS/0.1 web server on Samsung TVs suffers from a denial of service vulnerability.
e9b3d22fa6b4f3fc19e75db76fe9f037ca994a090ee5b9c167a7c2876397d627
Photo Server version 2.0 suffers from remote shell upload and command injection vulnerabilities.
149ec4f509df9c7841d47111e32d365b17fccc1ffcff2c4cc0364c89074f6895
Dell Kace 1000 SMA version 5.4.742 suffers from a remote SQL injection vulnerability.
693c5b2e61edff845088532a9358fff8f70678f354d983b1ac6cbfc327108d2a
Collabtive version 1.0 suffers from cross site scripting, remote shell upload, and arbitrary account deletion vulnerabilities.
db6047545975993b9eb3318de2e4ffdb0ea6799f5df0acdd3e8af273d4493481
The WordPress FlagEm plugin suffers from a cross site scripting vulnerability.
b2aff13a721933615831574d3a200e0aa8d91b95d990db54195e7205f361aeb2
PCMan FTP Server version 2.0.7 remote buffer overflow exploit.
823e653d8a82b7def332d37498fc6aa74c4bd6b3c4d38913e525c15b1fff1e71
RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.
3b0a2b15e86e26905ee913231acbaecfa5ddc1f2eefcea4109cfc8734f8e8c13
Jetaudio version 8.0.17 suffers from a denial of service vulnerability when handling a malicious .m3u file.
120dc26c9dad5d23c8bbfa20b77c6e8094e7c37d3f7486ece227d645cfb2c75d
VbsEdit version 5.9.3 suffers from a buffer overflow vulnerability.
58ac21c66b7e12fd936c5067c4466ccea32a8778db1358b7ba0282b79506259c