WordPress WooCommerce plugin version 2.0.17 suffers from a cross site scripting vulnerability.
628ac46d8f1244fad6d04ac0e5152e7eb4159026a41ee343f38ebfe0c886e422
Elite Graphix ElitCMS versions 1.01 and PRO suffer from cross site scripting and remote SQL injection vulnerabilities.
29a67e3663b1e3c4862f2246b9ede7002b3897ace31e2a0b390b8b8838c2db15
Bluetooth U version 1.2.0 suffers from a directory traversal vulnerability.
ca14296374929c9f6c88571a95a5740d0e443d519a9a0c903df41f3c2bcc8c26
This Metasploit module exploits a command execution vulnerability in WebTester version 5.x. The 'install2.php' file allows unauthenticated users to execute arbitrary commands in the 'cpusername', 'cppassword' and 'cpdomain' parameters.
dfea5435bcc036d47d5c594f95500152ab31c0d3ee607b8a70a2b6f399effb39
LinkedIn suffered from a cross site request forgery vulnerability in the Join Group functionality.
442cba9a0c6a978e69874ca3310a79b3dd238196b467f3e2045742bf6b7bdf18
Zikula CMS version 1.3.5 suffers from multiple cross site scripting vulnerabilities.
69f709f535989b330975f9e777157ccbbe4a049d89e1926d05079fa41e57d717
Adaudit Plus Online Demo suffers from multiple vulnerabilities including cross site request forgery, directory listing, and passwords being passed via a GET method.
65032b7037f6db49f90a134d34c24c4a670cbee2a380df40c787cac1f3f32132
Admanager Plus Online Demo suffers from cross site request forgery, directory listing, clickjacking, and cross site scripting vulnerabilities.
ef8980f8307fd85e258505ff90f13dbeb382094a1fe35e49f7d82febddc5223e
Quick Paypal Payments, the plugin from quick-plugins.com, suffers from a persistent cross site scripting vulnerability.
37a5f2452b362ab7282d84c4e598396e18994f0a1811c1715518b59a076d9641
PHP Point Of Sale versions 10.x, 11.x, and 12.x remote code execution exploit.
2688acc1f96e93d7799ccb3540cbe12f48da9bc32d767bb22ca9db0d45a74255
WordPress wp-realty plugin suffers from a remote blind SQL injection vulnerability.
108b6fd23f8a90bbd9f2002fb29777287f9643daa0a9c90beaba3eb5d9b696c7
This exploit lets your extract the ARRIS DG860A NVRAM backup where password information is stored in plain text.
5017f2e38a000e389ed35e33f98d69940a068ef699bb039cef9ec919fd229db5
Oracle Portal Demo Organization Chart suffers from multiple remote PL/SQL injection vulnerabilities.
9cb3fdaacb46479a4b50a20bb9819648de8a75d662cac0949a85147a7341ca3e
Microweber version 0.8 suffers from an arbitrary, unauthenticated file deletion vulnerability.
00e97b9578c6ea4b1d5201d508e35d8194cb39385bfa4167d6c6fece74f8402b
PayPal suffered from a mail encoding flaw that allowed for script insertion.
b603bb923ee6756c0cf3b284eec6b7ad0910def98cf35aaa7a93f3ec633f161d
WordPress wp-image-resizer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
f3cd5381c497d0ff9a43ff787405d39f9cede357c30e3dde558ede2858e1aae0
Level1 EAP Devices offer a function do download the device config file. This download mechanism is not properly protected such that an attacker can download the config file without authentication. Passwords can be retrieved at this point.
feb798abe8963cbdf88203291b080caa2b0b13a15a35c236457fb84cc061ff8d
This Metasploit module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This Metasploit module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user should need password in order to start session on the target machine.
d72c7c4197223719655c0deb2854e9abd093b3ef32540cca84b41979d20922b1
Dolibarr ERP/CMS version 3.4.0 suffers from a remote SQL injection vulnerability.
17558383b563f3fc59b866cd4454a1c3f1b147cd861e3918baa96316db448057
DornCMS Application version 1.4 suffers from cross site scripting and local file inclusion vulnerabilities.
effa62cb4eaaa12b0a23ca9706a0f1cc9087f8d782f16c149fece649db7b3103
WordPress Dexs PM System plugin suffers from a persistent cross site scripting vulnerability.
46585f05ce1c8abf03275497ab4ed1b5a5b1fe6f2f5d454627d66da4e26a2725
Aladdin Knowledge Systems Ltd. PrivAgent active-x control overflow exploit.
78e1f9941ee243de2c6fa4f4dd4d806f45dbe201a8b08daf54b144678052bb4f
OliveOffice Mobile Suite Application version 2.0.3 suffers from a local file inclusion vulnerability.
7d7261b5cb9ff0d8f4b60ec12e83b4f3f6166c30074918909602721509669623
UbiDisk File Manager version 2.0 suffers from local file inclusion and remote shell upload vulnerabilities.
3d7f843569c22b8fd4f6b976f1f76dd77f201277ccacae468697c7dc4e343f81
Gazelle suffers from bypass and remote SQL injection vulnerabilities. TBDEV.NET suffers from a remote PHP code execution vulnerability.
5597e1348996b8d06f84e7e9595c6350ac59a7ddfd78f4d6aa06f8fc972fe7df