This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP.
10fcb5c8d675a721b05ed3e69363ebeb92832f95ef6672333150a8c4b295da5e
WebTitan version 4.01 suffers from remote command execution and directory traversal vulnerabilities.
31bb563ba45d9f1705203ffe533103b28d9455039d7f5594f6e0b5ff6584664b
This Metasploit module exploits a remote command execution vulnerability in Unitrends Enterprise Backup version 7.3.0.
990dbbca3608cabc6a86f28a9fb4e995a70d4fd9ca01cb2876fd6e886b835ca0
Xerox DocuShare suffers from a remote SQL injection vulnerability.
359f347609e558ed6a4327b3bbf7312d0184b8b8950c198fc1929251921926e2
clean_html in the lxml Python library can be bypassed with non-printable characters.
02b53f8cf39d78b7cfc1a5dbfd140961829e4754c5270a979f371e2ff32c11ab
The Joomla SMF component suffers from a cross site scripting vulnerability.
691b1558f44036aa412a16d9d48319a2e05b950926b8f7adeb1cb8762a312014
CMS iCAT suffers from a cross site scripting vulnerability.
4142a14039d875db3d4ba2aa458084220881ad8db02fefecb3781d62981f9bd0
Joomla Wrapper component suffers from a cross site scripting vulnerability.
45596ee0e1e9bf3db9bb55c44f5aa93c0ce3579ef1b14446af9a10363d6940fc
Netgear N600 suffers from password disclosure and account reset vulnerabilities.
3aa397170870ccd6711672cb816baf59707da906443dc86626bdc573625d75d9
PDF Album version 1.7 for iOS suffers from a local file inclusion vulnerability.
66cdcedbd04920c8a4ed864f320c034c8c3f3060a833ede19baee91c2c19bfad
It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 9.40 of HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux are affected.
4616ed05d73796339b56863cd74126065f2db7cca61db513f69ee6a4dd874c0f
It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.
d7bb7e62af377661d9e0fc40ac344b19949122236037b9511fb75a879d085add
Microsoft Internet Explorer CMarkup use-after-free exploit that demonstrates the issue documented in MS14-012.
c372cfa21ed6ed039af78c69c1242e4a591d2b3c923280149f5e686dbcd28be0
The Joomla BeaconDecode component suffers from a cross site scripting vulnerability.
246d3ac6ff9bedeeee5714e263d3feeb085e0567311d93dced373fa7355869bc
PHP Event Calendar suffers from a remote SQL injection vulnerability in day_view.php.
f2e5f97ec1c421bce7a7e7d28f1d98f1baf6873f75e6a7451aeb4db0d150ce4e
CMS Int24 suffers from a remote SQL injection vulnerability.
d12be2741add1e1a5e5b7ab2f2cb8532476008dddec78fc15faa87b5ee7f608b
WordPress LineNity theme suffers from a local file inclusion vulnerability.
36f6fffb4654c309248b74d286caf14ff027a0fafa757ba8eff1770f03237d7b
The Joomla EWriting component suffers from a cross site scripting vulnerability.
b0cbc36bb25288d02b019c76fd7c07d44954053ac3c4c5ec7a9116d986bf13fe
Adobe Reader for Android exposes several insecure Javascript interfaces. This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card.
741530d92bfaf4da803497f453dc0837b679b2a5894ee4de6911a114130250c9
Sites developed by Madss Software Solution suffer from a SQL injection vulnerability that allows for login bypass.
071795ced008f1a2f8f7e0ed76fe71e5dda73f79782ffcf4c433c1e224510537
PrestaShop version 1.5.6.2 suffers from a cross site scripting vulnerability.
a714c52feffde30ef61bd922b3d4fe052b8aff802397ee53a6e5999e0a7e5303
Plex Media Server version 0.9.9.10 suffers from use of plain text protocols, insecure use of SSL/TLS, unauthenticated information disclosure, and cross site request forgery vulnerabilities.
3e1cb6d955b6c33349b4369cc89ac45fd2b1365efadc1a8d845bde2d9f7310d6
WordPress Quick Page/Post Redirect plugin version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
543d850e6bb8f1097ef237e3be4e4595f53890211e8adf65315339525e89497d
This Metasploit module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to get root privileges. This Metasploit module has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.
be98f3a46fc9d7210a97e0f50b3bd1ba9ebef9cc6d3e9b5455d3e8e5c69531c0
Woltlab Burning Board 3.9.1 pl1 suffers from a persistent cross site scripting vulnerability.
c5eca7aae45c7ecae901cc7a0eca5177eae979828c7eba201eabe71ece3f5c26