BMC Service Desk Express (SDE) version 10.2.1.95 suffers from cross site scripting and remote SQL injection vulnerabilities.
74e4eb8d243a17c5340d032406938b29866d6db49d3fd71d6544cb957ed04e2e
McAfee ePO version 4.6.6 Build 176 suffers from cross site scripting and remote SQL injection vulnerabilities.
5bc2c2825a2b841fc950d28fa7e61d6b5aadf005eca175d8a43288f8aebc17b2
Serendipity version 1.6.2 suffers from multiple cross site scripting vulnerabilities.
481030d108ff5fb5beee22933c98925f5eef0b088e04471fe3ccaba9809718d3
MiniBB version 3.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
60efdb16bbc0c67a01ff8f726472ed1cccf342759ebc5a483ba9586b56560491
MintBoard version 0.3 suffers from cross site scripting vulnerabilities.
0174d84652ee11ebd0d8df03e6ea9c0f95630c6d3a8b6ca085db8d8d8df10b24
Mediacoder version 0.8.23.5530 SEH buffer overflow exploit that spawns calc.exe.
f9059da4b8565d2a2be053e35a764c75974e90bcf82f6ad60e76c537d880d579
Ultra Mini HTTPd version 1.21 suffers from a stack buffer overflow vulnerability. This exploit binds a shell.
b39d7035823d90ebf298af86caffb2621a6df69d4546157dd8458dfb62f0ac9a
DD-WRT suffers from cross site request forgery and remote command injection vulnerabilities.
71cefeed41482f3cd8e7f0937d18ccfcff76e6e7d15e71a4d8ebe20319e20870
Atlassian Confluence versions 4.3.5 and below suffer from cross site scripting, cross site flashing, and insufficient framing protection vulnerabilities.
04b97b6e60bc74d9d3dc996fcb89ad8016e30f85442144fb45955cd70de7cbb7
Multiple cameras suffer from having hardcoded backdoor accounts allowing for authentication bypass and code execution. Included are various 3S Vision, Asante Voyager, and ALinking cameras.
e5d05de9ba28af339c8a8385bfca41fad5e26d35ff3a6001d8630ba5675fcbbb
PrestaShop version 1.5.4 suffers from a cross site request forgery vulnerability.
569006bfc5d70826e09cb71f57f8aef0f71ab333fe47164b4cb288a5f9fa457e
nginx versions 1.3.9 and 1.4.0 x86 brute force proof of concept remote exploit that spawns a reverse shell.
c08d90d9385b3dfaf58239db1bfee804fe103d21d4ebed131c2c37bd98971111
Air Drive Plus version 2.4 for iOS suffers from local file inclusion, script inclusion, and remote arbitrary file upload vulnerabilities.
3962cd3187d8ce7cf9f15f89a34bc0f1974a6495c284a9cead16289b31d87156
Cisco Linksys E1200 and N300 devices suffer from a cross site scripting vulnerability.
d4ddb74d82c2fa1d4400b6358b8e0a2c48588deac58394aeddf97cfda04f7241
Project Pier version 0.8.8 suffers from cross site scripting and cookies that fail to set HttpOnly and Secure flags.
2918560d315e4539695819dcf44ec0282aedfe9049c3ea821e80e1958c16a5a6
Jolix Media Player version 1.1.0 suffers from a denial of service vulnerability.
58a89d1e3da8836bf1123d5ee7babaa98ef4c05d89af8efa24997efe039d05a0
The vBulletin Advanced User Tagging module suffers from a stored cross site scripting vulnerability.
6ed28ca288dcae1a8b8f0d68cc85dff22e78aa97f6261fca14b7e0c1dc5157e4
iVote version 1.0.0 suffers from a remote SQL injection vulnerability.
e92df3a9e230ad705c3cf0adc85407a1af9aa864677da01463fad9083153b548
The vBulletin vBShout module suffers from a stored cross site scripting vulnerability.
844de421a694dcead3927d9398d6bd3109acf31bac84da005eabee397e5ec914
Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities.
e6d22d7021bfb287cc6ae6f292362183cb62e754091ade52c2acd1b0086f7d72
IOActive Security Advisory - DASDEC-I and DASDEC-II from Digital Alert Systems (DAS), which are used in the Emergency Alert System, have an embedded root ssh key that enables an attacker to transmit false emergency information over a large geographic area.
b32108bd2c0d9441bb1f18cfa9a0bc8a321063c45c679b287a55fffbc1d67034
Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.
bd800eccaafd0f41d9a2aa6be1e7ad144231f64eaa6af3b4f06fce8a84901843
Joomla Attachments component suffers from a remote shell upload vulnerability.
1118e6723abe23812d4c09d598a6d831cec1b36454e39e2b9c1ca53527c34578
This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user-provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2013 (version 13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
34af08f8dddf30575d54f3ae715a7d1578f9f140985dc2fe0ec36bc406b9b344
D-Link devices DIR-300 rev B, DIR-600 rev B, DIR-645, DIR-845, and DIR-865 suffer from a remote command injection vulnerability. The vulnerability is caused by missing input validation in different XML parameters.
45b06bd652acac11c15608f66dea0133730d0c898dc986726de440ece8669b91