This Metasploit module exploits a vulnerability found in FreePBX versions 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".
1c02024d4a3f7042c08772f0fe212d3e817f272a686805a55db99a37717d3b29
qEngine CMS version 6.0.0 suffers from a remote code execution vulnerability.
3536bc3d3347ae2420fc82be365206a80c0fb4b85a80355bd91dc1bee782d639
qEngine CMS version 6.0.0 suffers from a local file inclusion vulnerability.
9a4ca90342e80435948a3c42e20b9d22c7c5b898de1d6c741e985b5ece077e69
qEngine CMS version 6.0.0 suffers from a database backup disclosure vulnerability.
c9a818f093860746a364a8d9c4151bdd7d23aa5c8a8ef6e520aefd1971896914
php-font-lib version 0.3 suffers from a reflective cross site scripting vulnerability.
1a474dde8ce092bdffb789154f90356da33e4828fac208b7fd109580e7cc335d
PHP Login Script version 2.0 suffers from a cross site scripting vulnerability.
6a12219997b095202cbd5aaa5f2d6ac30483abe8709a9d07c4bd74eca78aa35c
KCFinder versions 2.51 through 2.53 suffer from a remote shell upload vulnerability.
ca0d1095ee9a88abe10850735a99afc8f80ac67e0259e5a9cce07bb9ba0e8baf
BigDump version 0.35b suffers from a remote shell upload vulnerability.
f9f701ce6b05bbb8f7d2b195365909e13439c58f11865e01dded6e4c81696c59
Windows Media Player version 11.0.5721.5230 memory corruption proof of concept exploit.
5dc8e0ebd404657746cdcfc7d783e3ef7ba754bf8126c1f3fae1c69ac25052c2
jetVideo version 8.1.1 Basic local crash proof of concept denial of service exploit.
a248304c0afdce390b860cd251654d000c396faa7166423af81b7b7bc21e485c
Light Audio Player version 1.0.14 memory corruption proof of concept exploit.
0d21a7cb66715b9c8732cdd3b1fd335aee82aba26fa64acdc26d8e53f1eb513d
VFU version 4.10-1.1 suffers from a stack-based buffer overflow vulnerability.
f5275a5f08300fa7a280900b506085cc811afecfaf141e62f7b0baa7556f835d
The Felici and Custom Background WordPress themes suffer from a shell upload vulnerability in uploadify.php.
688496a75d9f2324cc211b4c36e214b1352155e8ba072682e609cfdb63e88609
GOM Video Converter version 1.1.0.60 memory corruption proof of concept exploit.
bc6f532c3cb15e49f330df6686ae71a269ceee906c40b8c726404e2d6c242ba1
GOMMP version 2.2.56.5183 memory corruption proof of concept exploit.
b3a0b6e615cc60915f426f4bf691f0e06e1ac91bb8c252409cfb366dc6f857d7
The Vithy, Appius, Dagda, Vector, and Shotzz WordPress themes suffer from a shell upload vulnerability in uploadify.php.
c85029288baa3e23dc157c377164f3a876fdf6b5996606933e83c2bba6eb1bdb
STAR57 version 6.20.090330 suffers from a remote command execution vulnerability.
433eba217ae3e6257289bddd815eaf98f552a7c8d6d092e667f2d8aa0c9d3f23
innoEDIT version 6.2 suffers from a remote command execution vulnerability.
a84ae0a9198c45f8c61093d04e2ace4490cd15507d7a8f10f9f4446e77bcd88e
This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced back in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies August 2013 until early March 2014 (before the patch).
85541f060fdc844f7022ba1f1028c17d0836c505b9c83aa7c8c91868e0d21f22
This Metasploit module exploits a PHP unserialize() vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() exists in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method from the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.
29c01edc4c0a6e6872a0827d3816b1b853df5b79ddb58262cb3d16dea0cc69e5
Wireless Drive version 1.1.0 suffers from local file inclusion and command injection vulnerabilities.
38941e263c811f9b54fe8df01538bf6cc8cd17eddb8519ac0483cf9e0634df15
EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.
0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43
searcharchive.cgi from www.FastCGI.com suffers from a remote command execution vulnerability.
26e2765a41fb08ab3a22d7d3ecb52da9d29cf805f8e3194b9eb5874c4c4d8e3f
D-Link DIR-600L hardware version AX and firmware version 1.00 suffers from a cross site request forgery vulnerability.
b631009354d41628f2c1a41d39df88b0765f8bdcbeae0b5ff610a03d682399e6
OXID eSHOP versions prior to 4.7.11/5.0.11 and 4.8.4/5.1.4 suffer from cross site scripting and CRLF injection vulnerabilities.
fc197b8994d3f956db7d23e14039dc8ada100372edc278a4674596d82b02cf15