Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities.
93840f05f3284db346ab563d9c92844b1815684ffd7b76a7df35d6f2fd20dc78
HP Enterprise Maps version 1.00 suffers from an authenticated XXE injection vulnerability.
49cac9392e67761747314562b60d157df35c9cc117dcad5865d91f95214595b0
WordPress Simple Share Buttons Adder plugin version 4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
9b7e8bd26dee08baac6ace569d5e3efc78505ee6d9b668bbb0577bd8be00f138
Thomson TWG87OUIR suffers from a cross site request forgery vulnerability.
95c9c6a1307d99533c4237f526c60deee7797da36e9b73b5208b2f1c35485570
RedTeam Pentesting discovered a cross site scripting vulnerability in Endeca Latitude version 2.2.2. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users.
0117a3582adcb45df2d59f7d5cf251f3aba0c99f2fe951f5b651db6fdbed6f34
RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely.
99a9fe37102713781cb33e19705a416f50053d6d7e9f3c43db8e55b55166f87d
Storesprite version 7 suffers from a cross site scripting vulnerability.
c6b72d41875e95a461df516082b4ea96529aa02422c666dd78d99280ba2170fa
Drupal versions 5, 6, and 7 suffer from a cross site scripting vulnerability.
0a41801d96ef56fb221a470344be2e6815c1304687e4a5802e95ca5896451f33
This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.
ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
ZeusCart version 4.x suffers from a remote SQL injection vulnerability.
14392edcd2386fc3bfa622c4621025b3d4cac45565be688d86e2d5c417ae827b
Microsoft Dynamics CRM 2013 is susceptible to multiple security vulnerabilities such as cross site request forgery, cross browser, replay, and file upload attacks.
6b2cfd8531debcc4385762b23654dceb2f5f418d1dd4aad882be46f1e63e17e0
TimThumb version 2.8.13 with WebShot enabled suffers from a remote code execution vulnerability.
6c1a5f9fe02b211531e8610b366ae5ef5647ad9b838030ad32e7a11481a4ccac
This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.
450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995d
This Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.
34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4
SpamTitan version 6.01 suffer from a reflective cross site scripting vulnerability.
f3ac07a043a85c59a96327ff59d22880505e159ff1b3503616bcd8dbd5fce37c
This script automates scanning for the Supermicro IPMI/BMC cleartext password vulnerability. It can check full subnets or individual hosts and includes an option to scan via proxy and to view vulnerable hosts listed in ShodanHQ.
e368bb65b92ec2b0491d4f9bcbea58351c46f62c857e2b132316a9843b04816d
This whitepaper discusses a stack-based buffer overflow vulnerability in the Android KeyStore service which affects Android 4.3 and below.
f7115facb01ba5509340d2f23ccfd38240c5a8ae2b85f19bd810f467d71ca0f8
Lunar CMS version 3.3 suffers from an unauthenticated remote command execution vulnerability.
cff5b37c375544761fa806bc0c3496e624435a0bcb64202783a8ab5a37b0b5c2
Lunar CMS version 3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
2786bb0d9b249dc88b29677559cc03c90654a9fe474bbf1f8796fb995d991d29
jQuery PHP suffers from an arbitrary file upload vulnerability.
2bf4e4f31376b7556b6ba8b6036a5e825ddbd951e030c18fb242c9636f7d28c0
The Zyxel P660RT2 EE ADSL router suffers from brute force and cross site scripting vulnerabilities.
803511c1a74b8532c76db7aab68ac5d70891d93d27344457fe287363c3a140d0
User Friendly SVN versions prior to 1.0.7 suffer from a cross site scripting vulnerability.
2563320161d0c04a3683751b1af8691a3a5d0135333e64fcb8888672f2dd61c4
Linux Kernel versions 3.13 and below local privilege escalation proof of concept exploit.
1ac2109c899cc9ed0d918dfef397ba64d9302acb0de0d5206638e54f5510f29f
ZeroCMS version 1.0 suffers from a remote SQL injection vulnerability.
d4adc25ab654f27e19d62dd54d52cac4e301868fead6c76b8d36705d3ef376f2
This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.
f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8