This Metasploit module exploits an arbitrary file upload in the WordPress InBoundio Marketing plugin version 2.0. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress InBoundio Marketing 2.0.3 with Wordpress 4.1.3 on Ubuntu 14.04 Server.
114356930e9c145630aeafa00184f2b3246d456a0167279e09bbfc184d6c975e
WooThemes WooFramework version 4.5.1 suffers from a cross site scripting vulnerability.
5d124409091d48c2939ad588a90764b38d2a4484f4d89a3139fb746c2c995abf
Xoops CMS version 2.5.7.1 suffers from a persistent cross site scripting vulnerability.
6d96a583b5517d793a50ea4d7ed9518604a1e1041b363fdc87ac95943b0e4919
FlatPress version 1.0 suffers from a persistent cross site scripting vulnerability.
31b2ba9333b2e1336dd35c959bdfed46dda097275be00da883f6f3d2461edddd
WordPress QAEngine Theme version 1.4 suffers from a privilege escalation vulnerability.
83976326087c31c7102e2646fc3829eb8a1f6ff16ade8fae6f4bec7ea6e1d799
WordPress Premium SEO Pack plugin version 1.8.0 suffers from file disclosure and remote shell upload vulnerabilities.
ac5f4c1d1a43f1db2b74fd991cc42657c14e00af6344504e6ebedd072e8cb46d
Encaps PHP/Flash Gallery version 2.3.22s allows for the database to be filled up due to poor design.
3c17bd70e22d359fbe5891372b6f80377b6cbe310ce3f5943b086af8b710c1ea
Ubuntu usb-creator version 0.2.x suffers from a local privilege escalation vulnerability.
27e7534406105f4aac22b824922f5877288f2d101993ee3f2c655de195ee6dd6
Honeywell XLWEB SCADA controller suffers from a remote path traversal vulnerability that allows for remote code execution.
ee6a9dd2740fbab23901b5e759ec313b5cebd9ef618a61394f8d8704f2189df1
Avsarsoft Matbaa Script suffers from cross site scripting and remote shell upload vulnerabilities.
66d3454214fa484ffc9e57110b11324f1f1dae0d839287ad32694e041cc64bed
Pligg CMS version 2.0.2 suffers from a cross site scripting vulnerability.
f1df25d6bd296cf443cd0a2ec4f50554b65c1ab71679ebb6e90c7982ab54faa6
ZYXEL P-660HN-T1H_IPv6 remote configuration editor / web service denial of service exploit.
8813feb1830fa068aa80eccbe2bace47ee9518e75012d7355ca4cf61c035dbf0
Free MP3 CD Ripper versions 2.6 and 2.8 .wav SEH-based buffer overflow exploit.
373482138ce00dfe1ff90d3548d03d8d3b56c24f77088b12e099501be649772a
Socrata Online Service suffers from a script insertion vulnerability.
00abdd243861d3f2dc99eff7e496437710ed8714f01a0e953dabdfe6818b6a52
FreePBX version 12.0.43 suffers from multiple cross site scripting vulnerabilities.
d9d53b3b7599d87fc38d7ee9ff08ed12b0135076e823739c358307a8c50d03b8
Netgear WNR2000v4 suffers from code execution, missing abuse control, and cross site scripting vulnerabilities.
a60514e037b94556a4f79c31a7216ae19ad9a00ce40e4aca9b35cf6a3a16c094
iPassword Manager version 2.6 suffers from script insertion vulnerabilities.
415933c09968cdfa904a10dd1e9fc80833182e8486da654081386a4e06317765
Apple IOS versions 8.0 through 8.0.2 suffer from a lock bypass vulnerability.
2a4fcf39b9674e0fab493951eb2356c8e64520e510a2801dac65a943f0c92d52
HomeAdvisor suffers from filter bypass and script insertion vulnerabilities.
6d5a8398e060794ddd2c2690f9a0025e4f6d0de81b52ed89649f6a4c458ffad8
Manage Engine Event Log Analyzer version 10 build 10003 suffers from a reflective cross site scripting vulnerability.
41f2fd8644c0ad8d91ce4e952386500f322ecd719941a2efdb62bc47bef2701f
Manage Engine Firewall Analyzer version 8.3 build 8300 suffers from a reflective cross site scripting vulnerability.
7df0bf9dab340f2ee8071a709ba19934cb1b57440ddaaac953238973e3a6bd13
Open Letters remote PHP code injection exploit.
5b55b8dec7032e9a0c9a5a10c5e92faa1e847ea73b757f2e6b21d10d4274b5e0
ProFTPd CPFR / CPTO proof of concept exploit.
3a2aa92d9c4f7980f410f8313494e891bbb9e807a8b13f39e584580f72f7eef6
WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.
2931fb6c373d55fd921ef587bf5ef92aa275394f123b701795f90f8bc9d6476d
SevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.
32901659aaff584a67884ca5d0a5cbdbd7d3030eac6aeec3e5f69e47058f4e08