PerfectWare CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
afc520a7ed4795f43b84316ac3c45eaf4047d3b31843ca491b7153cd9e8823a6
This Metasploit module exploits an stack based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker controlled data as the size count. This Metasploit module has been tested successfully in Yokogawa CS3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.
7408ef475efc86bd8fe8b92c5ff8db48dbdc910b25fd6be4ef64b1c3255fc826
Drupal Flag version 7.x-3.5 suffers from a remote command injection vulnerability.
77d2733663b72ddf1a970877c43463caf16d6a0a9fb55bede84b804ac0cefc7e
Jasper Server versions 5.5 and below suffer from a session fixation vulnerability.
5a8cd75ea1fc559c5e606aa75dc868afa95e2e08f85eb9edc66906672210da21
Jet Audio version 8.1.1 suffers from a memory corruption vulnerability.
c52be51e49cdfa83e81d6f3b90d8fcbdff938b336d4d464fa62001436fec946a
VLC Player version 2.1.3 suffers from a memory corruption vulnerability.
6792834d831a80e4ebb4ad64787a7b8546a2c954b030f0c8f1392124d68c13a5
This Metasploit module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11 and Flash 12 over Windows XP SP3, Windows 7 SP1 and Windows 8.
6a8fa454ee9283f46ce5d01131f9d761fbf953a93ad1c6ec6a6883225ddafa72
Foscam IP cameras suffer from a dynamic DNS predictable credential vulnerability. Proof of concept code included.
5baac5bc37afd3fd3aab2f95d719db3bbdda8721c33fcfdd634fce91a8ca44d0
AVG Remote Administration version 13.0.0.2892 suffers from authentication bypass, remote code execution, missing entity authentication, and use of static encryption key vulnerabilities.
ceb5d04708b6157050ac25449b0b9e11964628e323bd6dc10d4cab4e2224dd97
RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Versions 5.0.7 and below are affected.
e0f660572f84c74eb890b10b761c3a1cf4c4bc6d50e313b9c433d650c7357df1
VM Turbo Operations Manager version 4.5.x suffers from a directory traversal vulnerability.
6867fe8f56ce9106aae72c2e15cb5ae941497b017368ba4f683eb31f8d8d2f21
Openfiler version 2.99.1 suffers from multiple persistent cross site scripting vulnerabilities.
c690ccedae1c74a42f999bf09b3b8e0b27e3f56ff4ca39f4cc4ee3d3b9e2d937
Openfiler version 2.99.1 suffers from a remote arbitrary code execution vulnerability.
f39eaef0643faa98d3ea0b5cbd3b47b64d2654876e82be326b67d25a90209d9f
Collabtive version 1.12 suffers from a remote SQL injection vulnerability.
23b430229e0bd82a0650c317d93f8650db871e9c49ef9fbd09dfe4dc15d19e99
GOM Player version 2.2.57.5189 suffers from a memory corruption vulnerability.
dfa5ffc08ce3ba5b6107594f21b73725d321cebcef7699a6b77983be79668e48
Cobbler versions 2.4.x through 2.6.x suffer from a local file inclusion vulnerability.
2e95e8c1d7b784a8a867b18e9c0497e669454dba4841fb5be6e965abdc4b7b32
CMS Touch version 2.01 suffers from remote SQL injection and cross site scripting vulnerabilities. Note that this finding houses site-specific data.
c655b6f45eb784269e8b7fa2be84b760ebc6980d5e6c56eeba90e163b5294d09
Enquete yS version 1.0 suffers from a remote SQL injection vulnerability.
c8d2e2d5d89b0d778cdf2b3e7843e7fbcf459acd5e151d5c728af63f22dce0a6
F5 iControl systems suffer from a remote command execution vulnerability.
3bb67baccdc0e397583692f37c40518c602a130776335c7f7b2de6042944cd0d
Offiria version 2.1.0 suffers from a cross site scripting vulnerability.
025b9cc75f03eaf22ce2c6ff43f58faed7d6d01e2abb67350a626700ff82d560
WordPress Photo-Gallery plugin suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.
c782dc85e948b6e33fa0638384eb3d60963677fc0c110663b3ea8899d7e182d7
Sites by Global Domains International, Inc suffer from cross site scripting and directory traversal vulnerabilities. Note that this finding houses site-specific data.
0f6600539c8143a8fa9d056116a8e385d2f7f10edcf47301dbf33bf88f5ab309
InvisionPower CMS Links to Titles utility version 3.0 suffers from a persistent cross site scripting vulnerability.
d003bac19ce9abb550ac27edf8a886c7e70a1c1cf25d4cb98871573a9b3f7aca
Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.
541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27
Night Lion Security proof of concept denial of service / stress tester for PHP websites running with Apache and NGINX systems (PHP-FPM and PHP-CGI). Using a standard cable/DSL connection, this attack can flood a Linux web server's CPU and RAM using standard HTTP requests. This attack effects Apache or NGINX web servers that handle dynamic PHP content using either PHP-CGI or PHP-FPM (which includes WordPress websites). In addition, the requests made by the attack (or default) web server configurations will continue to keep the server's resources in use far past the end of the attack. To execute the attack, set your target URL and time delay parameters and the script will do the rest.
66e4705c388028be2e16a9b4d12a2811c4c3a961557abb18afaabbf367a8d1ad