WordPress Bradesco Gateway plugin suffers from a cross site scripting vulnerability. Versions prior to 2.0 are affected.
0dc5dd6056d1e33ed43fe0e9d5a97c9ea97521368f17f778c62040126822602a
Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.
349e9ccfce89a895bc88301a928728a68a24c672b6744b743b04b03f181ca743
SolarWinds Server and Application Monitor version 6.0 suffers from an ActiveX-related buffer overflow vulnerability.
841395a87d46f8aba7dd14551684fe16b9e3de8cd2cb1433a295058e36790214
AspxCommerce version 2.0 suffers from a remote shell upload vulnerability.
8713bab6a79f7b5d50c2b8edad2fb8f4da89c6c5cd1a55ab350684bd6f34a372
WordPress Lazy SEO plugin version 1.1.9 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
7e6392b31a7cf6905f01765ca48cb4eced37d1b642177cdae03946cf58c2ba14
WordPress fGallery_Plus plugin suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
c80371f254e0d3bfeab131b5f84077ce5fa288551f11fc15cd06775a35806a1c
Share KM version 1.0.19 remote denial of service proof of concept exploit.
6e85084d4572fb736353c9fdeb36ef7ab48ef9213cf5e87654492ec8b0461ce1
Joomla JVideoClip component suffers from a remote blind SQL injection vulnerability.
4781ffbb58c2f9b00a3104325ceee5ce0a84ef307ee9cccc745852c86fd96ec6
This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039c
This Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.
aff42bc0d13d90c28ae3e11d84b0970e7da59f5d0794391bf2eda1629b411de3
This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then forcing the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() function; however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it results in a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.
ee4538ddb8dd6f77e4bd70d5e7a430e46f6d5d7ff97a0c2c23d04883b7fb837e
This Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.
29aaf07dcb5542222f7a271a446b80f5ab4686dc9025e8ce1f3c8d7045454193
This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at their own risk, since it is going to overwrite the database configuration.
79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1
The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99
WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.
58aa4142de2233611890f47f72f2972f2c389dd1fa2abe3fb8100667a4fc03fe
Mental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.
d3c1668d510834211878dda3ef864e35ccdb1c64178a379e9c6c843e14ba7119
Monstra CMS version 1.2.0 suffers from a remote blind SQL injection vulnerability.
8f646b41ef7d6398179c427aec485dce9f11cf86266f17f63bfb8ccaea4a854c
WordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.
ee16f6f50293855bcd58cc0c73ac5efb633bd28634e6029c4580e4b6cda87866
The customer service message in the My Selling Tools section of PayPal allowed for script insertion.
4fc0aab28d40e382320645dd2458e2851b10845c325983e88d3580f2925be850
This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.
b6be92789311b465be99dfdca2d0ac2207f5eb8fd1d7de3d361ab48a8421df40
This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.
153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74
Ajax File and Image Manager versions 1.1 and below suffer from a code execution vulnerability.
31237d5de06bf26d9ad7ab55fd1d1c9458637ce9c4fee50f8d6fb5185bddb0d1
This Metasploit module exploits a SEH stack-based buffer overflow in the PASS command of freeFTPd Server version 1.0.10. Credit goes to Wireghoul.
9b1b3722c40ca89375f977802175807d831acd844ac69afb11a55ae6296de174
McKesson ActiveX control version 11.0.10.38 suffers from a variable enumeration vulnerability.
eb5a347719e20933c95310d59d0af5d7d0a513bcbf2f6ec63b483b1c7dc9b822
WordPress RokMicroNews plugin versions 1.5 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
ea1a5a7a7041572f9f1666622d7a30d7aaf1299bc892596fc238dd0d0c44d675