ClassAd suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
02a2c0b255ff4254797f868e19ff5ad1d09521aa1ffc45f92f2aa33e8a00bbef
Sites using Flying Cart suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
94e71e6c1f57749ac86022d71ebb2690578d7642017877347bfa8c2e2f9cfb4e
Perseus' Java Hopper suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
1a952079b2e021364160e3158865b9764b672b7331c8c743654ad542bcd9340b
This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
cb1b416c6a81192072db5387c939127cc89639e3ba035c140a68125e64bbc407
AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.
cd63ce9472faafdf4e2e783946b14d6f167f018ab91f2599cfb2ebd6900462a4
SafeNet Sentinel Protection Server versions 7.0 through 7.4 and Keys Server versions 1.0.3 through 1.0.4 suffer from a directory traversal vulnerability.
44d8d12aafec471f9f40aac23224aaabaa726ad6187322040baee9fe298880fc
JavaMail does not check whether the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers into the generated email. The flaw can be used to send spam or to mount other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.
405fd5ea751ac4705c07542a270ee08ffee8bea6e4c25464024c27431b045351
Clipperz Password Manager suffers from a remote code execution vulnerability.
a389dff208c61b443364f2e6e4129153bf3222246ff2df01244a949c8e244afe
AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.
dcf9cf1e13d58871d2e0e4bc3827849243e29adbcd9d4d52281ed0f2d1705f6c
CyberLink Power2Go Essential version 9.0.1002.0 suffers from a registry SEH/unicode buffer overflow vulnerability.
c4ad3ea0e0cf296b67878e6a6773f715ce52a1c11772efc0549219c883df125a
AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.
2f31adef0c26503f7dcc55055e82e81b9c030906ddfc9884aac7a7f920f2863e
Seo Panel version 3.4.0 suffers from a cross site scripting vulnerability.
a478c32cb9af5fb501f74cbb29a394595bb4f20a6926285d8f761e38231064c9
This Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. You can't log in with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto, half because it was an AMF application, half because I worked on it longer than I wanted to.
32678ccb2a4454a4f3176a572bfd08436712de26dce1cdfb8b2986d281d3c14e
XOOPS module Glossaire version 1.0 suffers from a remote SQL injection vulnerability.
a4470aa99ea11a5f9c282b6f993f8063c3a3288f96bffe613ee69ced409f8c79
Wiser version 2.10 suffers from a backup disclosure vulnerability.
c26e09ae50d4b608b25cd47bc4c0eb2709de37db147ba812378aa9348bd8f835
SMART iPBX suffers from multiple remote SQL injection vulnerabilities.
0e228b7ec6d89267b0aca22b0aae4fd724817db1d8173289e79cab2dafe203a9
SIP Server by Kerne.org suffers from remote SQL injection and backup disclosure vulnerabilities.
fe39892f12c45c5cbcc5327efd59baceaf7617936f8dda149687a54792646c31
PHP-Nuke Web Links suffers from a remote SQL injection vulnerability.
7d294df4f893166c5d430655e923ffacdae294f6c98718bca8371ebefc94493a
CRMAPP suffers from a time-based remote blind SQL injection vulnerability.
7a1d6906587fbf34c99caa70266be93714a76f56d009b6016009ad37a07574e3
Construtiva CIS Manager suffers from a remote SQL injection vulnerability.
7136c76d7db570fc9ac688d69aeeca0d8846c1171cdc6199197d0dcc66015ca5
Nagios Plugins versions 2.0.1 and below suffer from an arbitrary file read vulnerability via check_dhcp.
06b295d336a8c90eb6729752963778c1daffd50f2c930f399a48e00d05704d46
WordPress cnhk-slideshow plugin suffers from a remote shell upload vulnerability.
559f24d812b08368e3f3bc3029d3d487db79d8b401ebfa988c6541b0381bdef4
UPS Web/SNMP-Manager CS121 by Generex ships with a "service" port enabled by default, which makes it possible to bypass any configured login for HTTP(S), SNMP or telnet.
4bd1c3577ab09b7e5e33f32952b9014f9f0a435701fd9a44164f65c1033552a0
BarracudaDrive version 6.7.2 suffers from multiple reflective and persistent cross site scripting vulnerabilities.
d41472b73eb1e68306169abb69831256e5000c2d91afe4d895f79081b2bd8cb6
EGroupware version 1.8.006 suffers from code execution and cross site request forgery vulnerabilities.
7d08464cab77afb7f22daf9c5a982166be13306330e34cbf9aa49130bbce7d96