This Metasploit module exploits a command injection vulnerability in HP Client Automation, currently distributed as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which does not authenticate execution requests by default. This Metasploit module has been tested successfully on HP Client Automation 9.00 on Windows 2003 SP2 and CentOS 5.
d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83ab
Zeuscart version 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
83fe2ac3fff4f7dd6763b128da0c9fc09bb6c126b4c892de632011dd0205f869
This Metasploit module will generate a plugin, pack the payload into it, and upload it to a server running WordPress, provided valid admin credentials are used.
a2b4ca412d9f29c4356c655f0f95dafeadc83a07afc9bdd472d5188927e91f03
Kony EMM version 1.2 suffers from an insecure direct object reference vulnerability.
4ae88ded8493b490c6e43fa9c02849c47b3dc15fefa544ac71e8150dee3bae25
MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
327557842dd7782175a33303962605165ac096158c48e68bfc6b59817ebd0933
xaviershay-dm-rails 0.10.3.8 suffers from a MySQL credential disclosure vulnerability.
35e1d1923fcb9cbedc88f92f321c4d39b8695274a52d7b4326b6010d8c0151d5
WeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.
0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcd
WordPress ADPlugg plugin version 1.1.33 suffers from a stored cross site scripting vulnerability.
415920191d7780c63381322152622b9cf64d89a50a07bd324e8362f21f50bf6f
Samsung iPolis suffers from a buffer overflow vulnerability in XnsSdkDeviceIpInstaller.ocx.
b6d6a1c2a12ac249535847b900730cc7783217dd0b10561a9b461f6096e66d01
Clipbucket version 2.7.0.4.v2929-rc3 suffers from a remote blind SQL injection vulnerability.
f9100e2bf9451bea1a2cc28324f069af76f121782cfc3f115453c63ed3703a94
PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a type confusion information leak in DateTimeZone.
960a07af7fc962fbbbd63879673d29572b4d34a6892640c9968ebecc39750216
PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime.
a243dbfd64f8ccb636b6f3bfc76ae91d623d78d08de0e0aa1aeff9c533da6157
This Metasploit module generates a JavaScript file that executes arbitrary code when an eval-based unpacker is run on it. It works against js-beautify's P_A_C_K_E_R unpacker.
194f0e7d20b41bd0f60332ef1dde95810fea4f44e8d6390c5cd8dd449d473c9b
phpBugTracker version 1.6.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
80141a2040b6e83e1773fa82844b97f72955d8ce941b04a67be80c1a64d74097
WordPress Easy Social Icons plugin version 1.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
fd957c35e50224cc064e2cf7276a9291121981439577b9efd85ab12f511589c2
4images suffers from cross site scripting and clickjacking vulnerabilities.
09c4abaa255db0a37a4f9f84e77c05b488e33ba4523376c67742e931a2cd42b2
WordPress WooCommerce plugin version 2.2.10 suffers from a cross site scripting vulnerability.
3050b4f52a9bef799cfb09247cc5c4345f9a7d45e75923cfb83f6d4f552d9cff
MyBB version 1.8.3 suffers from a cross site scripting vulnerability.
1d47711226472947526b8fac23169ceec888526e58a712734ce421ea17a18d26
Various Hybris Commerce Software Suite 5.x releases suffer from a directory traversal vulnerability that allows for arbitrary file disclosure.
17b94928a6a0b7178ed197b19f76f4af812b8e169995b757edc5833a7ce479d2
The jQuery jui_filter_rules parsing library suffers from an arbitrary PHP remote code execution vulnerability.
131a9fd0e0fc4c224e84111b39ffb97b81febd81cf27c8d5d9d53012bf8b05a3
InstantASP InstantForum.NET versions 3.4.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, and 4.1.3 suffer from multiple cross site scripting vulnerabilities.
198979dff8c07522717738454f6462a6ff57118fb83d630a79ed893092c24062
Piwigo version 2.7.3 suffers from a remote SQL injection vulnerability.
4f89c8ae87708c11b47721a446fb545ef18c11237e913f40918d5b424441273a
WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation.
2686c6ec8e9b41b2a83e9491f36cd0847817a7f345ec9514fe10d88a6c1b1be1
DLGuard version 4.5 suffers from a remote SQL injection vulnerability.
c61b126e13f55a698c9e09df95b5f1969f77439a275c7f851da9aa42a597b00d