pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.
a196c8dbe2940fca23547db68328ab1e0aa1e282b862808dd145f9ca266b2404
This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature to upload malicious PHP files, which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.
6e99abeb1415d8df56dfb483b3ab125f1112848d4094f7b300a31eecd774a5f1
Check Point Session Authentication agent version 4.1 and higher contains a flaw caused by a lack of peer authentication in its SSL communication. Encrypted communication between the agent and the security gateway was introduced in response to several issues revealed in previous versions (4.0 and lower) of the product. Research showed that the previously known vulnerabilities, gateway impersonation and credential stealing, can still be exploited even though the agent and the security gateway communicate over SSL. Proof of concept code included.
72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46
Oracle Outside In MDB file parsing stack buffer overflow proof of concept exploit. Affects versions 8.4.1.52 and below and versions below 8.4.0.108.
ce81c908b62ba0f0a213a1fc79baa758e7474a490afefa1a19d9ff684341f70b
WordPress Infocus Theme suffers from a cross site scripting vulnerability.
72175cc3a0ba10815ddba1acc6812efb9bf950f993641bc2dc35d2e2ee6ad9bd
A critical validation and filter bypass vulnerability was discovered in Mozilla Thunderbird version 17.0.6.
3d74d1a5a34c81851a8e11107c2b8d408b79754dd376c511ec93b10f3ea74f44
Ability Mail Server 2013 password reset cross site request forgery proof of concept code that leverages a stored cross site scripting vulnerability.
9692e27e51f88fa2918af83e4e21c7ab7e2454a36da851bbf99a37aed1388af8
ssl.bing.com suffered from a cross site scripting vulnerability.
37d160ce1d252a3d686efc9a22c7753044cf3ac7a500c95dae704ffd2fc6b168
GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.
389df097f281daaa7d9dbb9c56c808dd4446da2ce103d5ebb8de28f30a998b7d
WordPress SS Downloads plugin suffers from a cross site scripting vulnerability.
e7e32f80a9b115f22a4c04630e2287e8ec3e6d477abe62b6eeeca82b4b163304
Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, remote SQL injection, and various other vulnerabilities.
d8e915c9f3da5e00522f2f5a23346a479926590b24a8d0c3da5e67600297bd00
WordPress Seo Link Rotator plugin suffers from a cross site scripting vulnerability.
396ce83d6ac42563fd0a710f4db39ced9b30c7118dc539f7f1e5c4936c37f350
SkyBlueCanvas CMS version 1.1 r248-03 suffers from a remote command injection vulnerability.
edb1dc8edd44d6d33407ec7f1003b2866b604f61799c9db86b8103a2b24694b3
Drupal version 7.14 EventCalendar suffers from a cross site scripting vulnerability.
1f3e58de44388bcc99c04ff88aaf23d52abd1dac99f452c857af5d0c9f80660e
Mp3info local buffer overflow denial of service exploit that spikes CPU usage.
b5deb6a792d6a949d3e5e679490e6aa9c87258ed31e39e318f17e5babbae1e81
pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.
b4febd30f5ce93221ca07adaa67509442b41b186e1b14b8debfe2154c84000b8
JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.
05d3cecf7d59ce888a09043a4aa1af1988abd9d302ed9dd5da80c76ff2e50e0a
Adult Webmaster PHP suffers from a remote password disclosure vulnerability.
5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1
XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.
1e0e8100901e6b54d82414baef8ff4d635720aa18959798a0e446a285227c175
Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability.
d21d15fee1f16a152f0150eda5cc06010930d83f7641b7f52398505dbad2e7eb
Joomla JV Comment extension version 3.0.2 suffers from a remote SQL injection vulnerability.
62a75319979a2ea2295519f55e7394ac65bbf8129d425fc67c56a24c882e5acc
Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability that allows for login bypass.
9821aaf3544714230413b34fb96644bebcf27f01db5d4f83eb60bbb5a7d45d75
Easy POS System suffers from a remote SQL injection vulnerability.
3790b82422dc9be079b7b09b1cad61a4832ad85eb8330671bd09b7127d6cf1b5
Pizza Inn Project suffers from a remote SQL injection vulnerability.
f9bde7ca3b2a31bb0f1e5347f84dadaed0b1882477cdee7ba68fbaa7ab6c9b06
godontologico version 5 suffers from a remote SQL injection vulnerability.
ed9c67c234ec933a605da421e78f117ffe73066ee2e7ea7e446a1b9a2232e288