OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.
37db7c5a2fc6b69ab0ef0c6553eac0fc38305a4d5fb988f3709bb90a9b37f70c
Proof of concept code that tests whether or not a machine is vulnerable to insufficient session identifier randomness in IPMI.
ef2dd36385d9dd3821bf9c92f40c31bad16e92d5fa8a6086b0be965e96fecb87
OS X 10.10 Bluetooth DispatchHCICreateConnection crash denial of service proof of concept exploit.
49e70f11df3e52d1bdada50e1eb32c2d0ece6ef26ace20e545b163ba8458f9c3
Gecko CMS versions 2.2 and 2.3 suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
641924170b5fe97cd5206e6af2553f0f88558b8ee8f4c7c4992e6781afd735d2
Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.
d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704dd
This Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.
b0515350e4ccd496fb0e7266e0caa11158145540d2f845735488187df6eb3bf1
WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.
5d11f55fff359670f82ee7eec867318f3c3de3d121e95796ea80115d45a95335
Snom SIP phones suffer from a remote denial of service vulnerability.
a9dfc90dfa8c8f12d789e27b1c02092ea4dd4c2c8d05e6763b86969b623aaa28
Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
3ed69590b68e44bc5711dfe4b54294c20f7bfaa50ab879dbe8a42222c370cc12
Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.
46817a9716513fbf904cc210f681e8ee0de86e3cba3780ae82bde54b0f343ef9
CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.
bc631a532ede7f396bf10e2908c4f90fd2b39943a411c0476b46853b7947dd90
CMS Croogo version 2.2.0 suffers from a cross site scripting vulnerability.
72dc727c24b207af6f9830f6a67f552c49b56c411677bd6a256ced26cc2fda78
F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.
16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0d
WoltLab Burning Board version 4.0 Tapatalk plugin suffers from an open redirect vulnerability. Versions below 1.1.2 are affected.
78fe732207c7a2a7abef9973cb5872d91bd7f59448276755a433bc56b43c81ca
Heroku API Deep Dive suffers from a mail related script insertion vulnerability.
48ce32c2570d9291a426f6f4cf128d5da25797234ae385b612fd9ea3398f7d25
The Heroku API suffers from a persistent mail encoding injection vulnerability.
fe44e4e3f2f20da60dc5606afdb53641c13571e9eb1d45c5cc81b33e1654295d
Local root exploit for Red Star 3.0 Desktop that leverages mkisofs.
7ea83074383ee2da1b5cdb32131278513104a6745972fc30f1769767d4579067
This advisory discusses open redirect issues in Facebook, both old and new.
4aa7a6ba3a89f57a83a96ba40e358dfc5dc69f38da33da44ddb91cbefd30001b
WordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
0d05523785cc3c3d6afe4c0cd58b19ca76dd69c34245e15bfa829cfa9677b80d
This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
1983d15e14382b842439b7a8129d4ce859b00fbd289876ecee0e865564af878c
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.
4f82b9e9bf5035178dee3ab985bc03afde702dd4e7ca3f166360be5aa2dd3474
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
42ecbf4669c89af75d07968bac4f2e5509c6bb5b265890feae2edd0dd0629e00
ZTE Datacard MF180 suffers from privilege escalation and DLL hijacking vulnerabilities.
61549ca54b62be8573a682ec61570172bcfc6079ecb46713ff0cf356b3781bbc
SoftBB version 0.1.3 suffers from a remote SQL injection vulnerability.
a9bb05a54bd65d9af31a678686b7470862a10aaaebecb3d2413aa5f42f59e1c6
SoftBB version 0.1.3 suffers from a cross site scripting vulnerability.
0ca30b39797f9ec334d5344c1f04d6191ef6d5d061f806698971f94c3a84e33c