Joomla Spider video player version 2.8.3 suffers from a remote SQL injection vulnerability.
6ed2b156ade9720a425662be9c1826fcea87daa3ea39ee657f3b9d9512527ac2
vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities.
88cde664c272d996d08d14171c3255608195c5e43983024662c4b1a6061485ae
WordPress WPtouch Mobile plugin version 3.4.5 suffers from a remote shell upload vulnerability.
7edb381dc99e6e071b376894e47673e6a5d4a2b0f2bbc8d49710cecd99b9eb26
WordPress ShortCode plugin version 0.2.3 suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
ef4485a00a05196cc2ba090494ef148cd178da683b19a50a019daa50233fd67d
ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.
416f680eca8af567594e8b6d180dbb890b3878af0da9c1fadbc83a8c0321e8d1
The Dragonfly gem version 1.0.5, which is used for image processing, suffers from a code execution vulnerability.
73d1691babfa29eb6acc63825a9b9c11c898fc71bcf13f71d6edd27512467136
VTLS-Virtua versions under 2014.X and all of 2013.2.X suffer from a remote SQL injection vulnerability.
0ed68a92acb71c2b4782d8ca3eae4b92903781f036fd18f10eded456952c6dfb
Barracuda Networks Web Security Flex Appliance application version 4.x suffers from multiple persistent cross site scripting vulnerabilities.
f9fbb5dd5944a82fd180aaec52a36c4c69a4e909cf944956e674721c4399c8b0
Barracuda Networks Web Security Flex version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
ece2c59c8d74f20072a1679a21750291f342d6dd646304a909824b4550e4fc97
SSDP amplification scanner written in Python. Makes use of Scapy.
faa957efd4fa5aa13163e90e0aad0e3bc11900ced7ecb7b093daae7820f92053
Air Transfer iPhone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1da
MEHR Automation System suffers from an arbitrary file download vulnerability.
43237482bf048fe3e4d3a8426312aff9c448c4522aee0f9855cc51af36bee3d7
The Online Time Tracking application from paydirtapp.com suffers from a persistent cross site scripting vulnerability.
18b433b693fcd82a50e6e2429514d31e634805f790d3d1ad87ec5e529f7c4c67
WordPress KenBurner Slider plugin suffers from an arbitrary file download vulnerability.
0d8d60eff80420577c5cf79690cc7f6d887078835dd87f351ab0bb4af085615d
@CMS version 2.1.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e6854c856557d35be96b4420bd74f6f1855d65f1a97995aa9ed4e9ce797e38c4
SMF allows for a denial of service condition due to a faulty filter.
a17c1fc2d75d13b9b2542fff763dfc53947c4fb73ba1599019190380ddc685ab
Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.
2c0df44e0bd7ea867e3d05730352bfb283978ace1116d35dc39ded95dd584dec
Fat Free CRM suffers from a persistent cross site scripting vulnerability.
075c9364c40e51879675adf412d10c0e60eaba645367a9036c80e3b0415405c3
This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small are recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006; however, builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets as a JDK might be installed in the $PATH.
2303a20c633607820360bf175e8ddcfcf3d6b6b09c0f821b088c81147d0f9348
MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.
1d3cbd754819ecc59f45d3c06619581f1198302e0b64245967e18910a34dda88
CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.
f07d37bc985640df912af83e027860dfb44dd82b807aa4a00588820ffcce80d3
MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.
dabab641dae9255bac128fc3d2e933d5be5af5ba51c232b96f0fc9c5c33828a7
Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.
8e1e463761d4827cd6a59576788f068dfed5b06371c54dc07fa1ec37a0bf4210
WordPress All In One SEO Pack plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
fda7f45cc565a3147e5ba92c58662a487ff60f0478cb6e7f55ce73080ff1e02e
ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86