This Metasploit module exploits a buffer overflow in Gold MP4 Player version 3.3. When this application loads a specially crafted flash URL, a buffer overflow can occur that allows for arbitrary code execution.
3da8325ad16a545338d4432ea3ca98df98052bedd020b25d70f23015fcfd6ab8
Array Networks vxAG version 9.2.0.34 and vAPV version 8.3.2.17 appliances suffer from poor permissions, default and weak user credentials, and ssh key handling issues.
424281c262881d13818d8b421e2b8079d01b94b35e76add57e3557344aa28c2f
Quantum vmPRO versions 3.1.2 and below suffer from a remote shell backdoor command that lets anyone ssh in and escalate to root.
86021585379df42396f7ae8a9afbc5718765133267144a1045108c43792f706f
nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).
8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3
Quantum DXi V1000 versions 2.2.1 and below come with a static private ssh key for the root account that allows you to ssh in as root to any appliance. They also have a static password set for the root user.
877f1687fa1556a8f78682df032fd2305a2fabba64799e8617ecfc6cb1533e4f
Square version 0.3.1 suffers from a cross site scripting vulnerability.
b644f168b3b52c6ddc1f6420b5e06183a5d0bf11a65cd71bfe307ed24275525f
HP-UX rlpdaemon privilege escalation local exploit that appends junk, including localhost +, to .rhosts.
9f28e2f9517fc3a0ffaea11956b8540756cb83e694b513ab706418dc210c0f51
osCmax version 2.5.x suffers from a cross site request forgery vulnerability.
5c9c9ee265cfff74fda3e4a7b303328e9c2db77708cf2c56b743ac644b394e1b
Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.
2f4dfccf5655e5fdfa8f9af30faf107520d3182be78d7c99cf82b293f0d969cd
Webmin version 1.670 suffers from a cross site scripting vulnerability.
7d18e9a92a225522958af02a7a14f6ae3ea0e0a8e5b98324a3cf3c5c316a8e4b
Joomla Multi Calendar component version 4.0.2 suffers from multiple cross site scripting vulnerabilities.
1d6d80ebdb7ec8e97cb51d9c8d6831ad85c32587814e03d0f5a32b0784c7dbe2
Joomla Freichat component suffers from multiple cross site scripting vulnerabilities.
f26a565ccf8266ff4e862546262b26a06d4edba8af7e2c7c88770059723d0589
Joomla eXtplorer component version 2.1.3 suffers from a cross site scripting vulnerability.
2ca16b999148c6d2334acfe2e91042ebb5c1b33342fa819f2987112af9966563
OpenX version 2.8.11 suffers from multiple cross site request forgery vulnerabilities.
897a72f130594acbcbd4b6203433065ac139932cd5110b5ec6aec684ccc19423
Joomla Pbbooking component version 2.4 suffers from a cross site scripting vulnerability.
af5c5305ec8be4ba72e73746a75b84e3ca913b3ba8f5eca7667859068840882d
OpenSupports version 2.x suffers from authentication bypass and cross site request forgery vulnerabilities.
ac3a2ba976b690947f425b41942ea5492cb2ca35ee8b6ac58b67f1805b55f748
Joomla Youtube Gallery component version 3.4.0 suffers from a cross site scripting vulnerability.
4ef864392ba2fff744ec53b5240a1d326acb8b8a96317ac7215fffa4ce7a1cbd
Cosmoshop suffers from having an unrestricted pwd.cgi script that allows for arbitrary creation of an htaccess file that can be leveraged to block access or perform phishing attacks.
53f0f39b47e349790d4106dadcb4f94299cf242f14f2206dfedf4903924e2e8a
Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and possibly others are affected by a stack-based buffer overflow vulnerability. Proof of concept code included.
d757234aa82969bb55c4498cb2fc25d5a4f629a3efd5fc1a69edf4175c7a988a
SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities.
7222df803d22b5fb30d93e08afd977dc6a9b8b835ad9c5ef8d67af0e94f245cb
MicroP version 0.1.1.1600 local stack buffer overflow exploit.
d735cfe03abbf2db0ad8bf6acb6c8b51b1ff05643f2c5d19f0eb3fdc5a3d7f61
WatchGuard XTM version 11.8 suffers from a cross site scripting vulnerability.
ba1a39b06837912987c84d2e2f37b55c4b8fa9bab0cd2a40903637fbd5714e5d
Joomla AJAX Shoutbox suffers from a remote SQL injection vulnerability.
64883b00a307f31c0429ba45f2a67e2fa7f19c62dc666e414b874f3d9536979e
Trixbox Pro suffers from a remote command execution vulnerability.
16c4989fd587dda06942b413211a881e0f52e9cf1be3fd56030a2eb7f44eab75
iOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.
a80dfd22eb4297c3c38e28620d240742691ea94f1473c9e9c446334c23938dff