My File Explorer version 1.3.1 suffers from local file inclusion and command injection vulnerabilities.
dcd36b1e81dc4897c85854e51fc24ad5142a0a146cb6c234133e703733f730c3
Apple iOS version 7.0.2 suffers from a SIM lock screen display bypass vulnerability.
e2b00e2d99cdc1b9434722b058b6b2f5d4be7fbc949a7d237f339a92e3ae79e9
Sites powered by Anya Web Solutions suffer from a remote SQL injection login bypass vulnerability. Note that this advisory has site-specific information.
2b59df0a71ef7b979adc011a7d1b5dc584aad174be05e7645115878d7854fe95
XAMPP suffers from a local write access vulnerability.
d4e1c79f52b45915d4796dddbec5e1b6afeb47624dcc78e39ebde1fa02f92986
ZAPms CMS version 1.42 suffers from cross site scripting vulnerability.
2213eac46a948e1dd52bc170e6c8f5b856999fb6456392e5c863fe39a439f99d
PDFCool Studio Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted PDF file (client-side attack).
538e82283e18599373c785bf2e31258b8c3ebd6d727c360ba6caa0007d96335a
PineApp Mail-Secure suffers from a remote command execution vulnerability.
c8924470a66b81659abf009075c3c7120c0413e9a832af8c6b0561ef68313cee
WebTester version 5.x suffers from arbitrary file upload, PHPInfo() disclosure, and remote SQL injection vulnerabilities.
ae0159d76ced28f2573fdafa84a4c33428886ffc49ef166346df1107fbded280
Spamtitan, a competitor of Barracuda, suffers from multiple backdoor vulnerabilities.
eefd23114986ebb81c6cc9fdb9cd682d71747b087242857dbb99a562ae632283
Paypal's shipping functionality suffered from multiple cross site scripting vulnerabilities.
6c9701abd6fdcf08b12e12a5845d221fa5bdd5bb6cc15b1ad2249a6f8cb1746d
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and executing remote scripts via the 'scripts_exec.php' file.
43e33eef7564de8ef7460b90f5eacf0b5e096e9067163c4790e0950c800b1b87
This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of _swprintf, exists at the Cell Request Service (crs.exe) when parsing packets with opcode 211. This Metasploit module has been tested successfully on HP Data Protector 6.20 and 7.00 on Windows XP SP3.
012e016b24b2c26e511cc5510500cd5238be83253a10e49838760b44e27f4253
This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research companies and the vendor until the October patch release. This issue is a use-after-free vulnerability in CDisplayPointer via the use of a "onpropertychange" event handler. To set up the appropriate buggy conditions, we first craft the DOM tree in a specific order, where a CBlockElement comes after the CTextArea element. If we use a select() function for the CTextArea element, two important things will happen: a CDisplayPointer object will be created for CTextArea, and it will also trigger another event called "onselect". The "onselect" event will allow us to set up for the actual event handler we want to abuse - the "onpropertychange" event. Since the CBlockElement is a child of CTextArea, if we do a node swap of CBlockElement in "onselect", this will trigger "onpropertychange". During "onpropertychange" event handling, a free of the CDisplayPointer object can be forced by using an "Unslect" (other approaches also apply), but a reference of this freed memory will still be kept by CDoc::ScrollPointerIntoView, specifically after the CDoc::GetLineInfo call, because it is still trying to use that to update CDisplayPointer's position. When this invalid reference arrives in QIClassID, a crash finally occurs due to accessing the freed memory. By controlling this freed memory, it is possible to achieve arbitrary code execution under the context of the user.
b81ef79beb6b40ba18f17d324392436ed6e432b070c679e6f4a3ed30964a2dfd
aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.
139d345468fde77a4b91ccbd0e3b2625bfaeb5e36d34915fa821a8700d4bfe52
mp3-player versions 2.5 and below suffer from cross site scripting and content spoofing vulnerabilities.
ce7f77d670a3572ac9908b8903aebe5d014f95e41b695d75d8be5cc3641ad500
PHPFox version 3.6.0 suffers from multiple cross site scripting vulnerabilities.
064f6e8ad5e6b6c1bcec776a5fa4e575ffdaa64c94223e49fab9582d83777d06
Beetel Connection Manager structured exception handler buffer overflow exploit.
3b3f8b7f6d9548d78db8aa84dc8ac21c8cec15a1ba10388b33b7df0f4378f4f7
Pagelime CMS suffers from cross site scripting, unencrypted __VIEWSTATE parameter, credentials being sent in the clear, and various other security issues.
a438a73e380380d700a8be6d0a80415637a312aaaf38398234e40b95d0a106f7
WordPress Finalist plugin suffers from a cross site scripting vulnerability.
ced8ea299e2428f2cea7a17ff3e128f07621ee25909202fdb466986ed54770b5
Android Zygote socket vulnerability fork bomb attack exploit.
ed067b440d55ab89daa037af12a8eceffa6ad3a3178e67cbe5c402411a93182f
This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04 systems.
f310cc67584ebfece0fb02e5b0b15c7748e4537dd7eb3d17e3d681399a54630c
WordPress version 3.6 suffers from multiple URL redirection restriction bypass vulnerabilities.
b7c554cd3d39594ec433361de09accd00a8298b232665ded7801c40c285494bb
WordPress Cart66 plugin version 1.5.1.14 suffers from cross site request forgery and cross site scripting vulnerabilities.
6c2e05be2ddbb6085173b24d083a439347cd96197550e2c65c6ab80ad3b2bf2e
AdaptCMS version 3.0.1 suffers from a cross site scripting vulnerability.
4f69e17362e1d3e3727d1e8458a9b8c39609e4b39a547dacffe89ebb93f75936
Amun CMS version 1.0.1 fails to restrict access to its REST API.
8a1edcbf00c3646d6fc6c484cfea43697c0602acb71980da916cbfcb6ea49926