sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.
WordPress Curvo theme suffers from a remote shell upload vulnerability.
GTX CMS 2013 Optima suffers from cross site scripting and remote SQL injection vulnerabilities.
WordPress MoneyTheme suffers from cross site scripting and remote shell upload vulnerabilities.
MobileIron version 4.5.4 suffers from a cross site scripting vulnerability in the device registration functionality.
ILIAS eLearning CMS versions 4.3.4 and 4.4 suffer from a persistent cross site scripting vulnerability.
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the Perl version of the exploit.
WatchGuard Firewall XTM version 11.7.4u1 suffers from a remote buffer overflow vulnerability in the handling of the sessionid cookie. This is the Metasploit module version of the exploit.
Struts version 2.3.15.3 suffers from multiple cross site scripting vulnerabilities.
Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.
Ops View versions prior to 4.4.41 suffer from multiple cross site scripting vulnerabilities.
vBulletin versions 4.1.x and 5.x.x suffer from a remote unauthenticated administrative user injection vulnerability via upgrade.php.
VideoCharge Studio version 2.12.3.685 SEH buffer overflow exploit that pops calc.exe.
Horde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities.
WordPress Curvo theme suffers from a cross site request forgery vulnerability.
PayPal's Shipping web application suffers from cross site scripting vulnerabilities.
BalkanSys suffers from default credentials, arbitrary file upload, and open redirection vulnerabilities. Note that this advisory has site-specific information.
WordPress MobileChief Mobile Site Builder plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofc_upload_image.php' file in order to upload and execute malicious PHP files.
Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.
Onpub CMS versions 1.4 and 1.5 suffer from multiple remote SQL injection vulnerabilities.
WebCollab versions 3.30 and below suffer from an HTTP response splitting vulnerability.
Feeder.co RSS Feeder version 5.2 for Chrome suffers from multiple cross site scripting vulnerabilities.
Uploadify versions 3.2.1 and below suffer from remote shell upload and information disclosure vulnerabilities.
JReport suffers from a cross site request forgery vulnerability.