The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
17871129a30d053f15ebe5d29e7c76e76cd180faeff48ceb4f0500e1c251de2f
The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3
Atlassian Confluence versions 3.x and 4.x allow for anonymous users to list all registered users of the system. The vendor does not believe this is a security concern.
4a4c16d6b5e27d2551991426235eaa47ad13ed9c1e9766bd8e50813c068e0802
WinAmp version 5.63 buffer overflow exploit that leverages how skins are handled incorrectly.
b7b8323d0f2912432388831222006fc44f18caa39d9dfcb7d498e1994fe67ee5
This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73
Belkin G Wireless Router remote code execution proof of concept exploit.
43beacbd1d2f3672fb7be34a7a3f2b6f9fabf3623fbe5cb404ae146733cc6365
Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719
CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.
f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48
libtiff versions 3.9.5 and below suffer from an integer overflow vulnerability.
e047e24940fc1946d2bd9e6123520ff4837f2a59b4ec6f49e5d2d1e28babd003
WordPress Simple Login Registration version 1.0.1 suffers from a cross site scripting vulnerability.
8eaaf8d9c59f71217d63637d3dbbbe789fbc7b92081e36db7effd8b1901a4a06
Musicbox version 2.3.8 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
20cfed76192734cf617e94e030e36c6d5394c6401ca591e0ff39e54db386abe2
Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837
The WordPress Post-Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a27e312e77262e178eaa8ddeb54a389448031e07bf31d9f1a766423a417f183c
myBusinessAdmin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
61199fcdd72948288b6ed131c61a7639d0420c74ff9601b8ff95b0b0efc14215
This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).
fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297
Samba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.
9ffc449f91de8aebdf2d549084d0b7ded62399e2e6a995fffee9b45af3a36af1
FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211e
mooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.
f6d11b27cd9d0d5b9bcb61f738af8f5ae3e5d96e66ec3b7958aa519b6521ef89
Cloudflare suffers from a cross site scripting vulnerability.
681015cc7dbb3e4d2e076c6ae25daf1f2af32856d530de408b2030a5a71a1587
Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.
841c2aec9aded6aabc4378df632abfd8fa15c280ccb7f358a5f308e52fa80358
GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.
44f7dd1212681cf231fd4da478749b23c764aaaf54bf4e11341f3f140cfc4311
This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.
d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206
Joomla VirtueMart component versions 2.0.22a and below suffer from a remote SQL injection vulnerability.
2492d1981ba286f22ce07569a6fbf8d8800141d6ba82d7bd60588a6cbe01734d
PhpVibe version 3.1 suffers from a remote shell upload vulnerability.
5f986cf1468601c9a88f20bd84f17fd1e3b3eb1767c9565d26314580885f8339
The WordPress Video Whisper Live Streaming plugin suffers from a cross site scripting vulnerability.
9c12f6bfff77b894e0a6d28038abd9788a6c0164f211f3d2010e8846d6b20b2d