Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.
c5cf5d3f463bf90cc37405e42f2ed0f1feba8800be2c7df9bc9363ef6c8a6500
Linkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.
b614388f9b4c56cef7c47d2b254c9e8138617bec9ef83f17c6453718b3ce62ab
Mobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.
5666a93c4bdae7dc1cd57519a7bbf8bf25003b817d748de7aa3502b66c378287
Linkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.
17f43a96d245003246de2b030644e3fb197c4bc15ff7079485eb6279503bef62
PayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.
cb16d835e91864e2fd12a56e0f8d4b54c672986a7f464fbd094742ce8da23445
Ebay Policy CMS and API suffered from a cross site scripting vulnerability.
640f7802754c69626702ae63de020270df5f0b938065c4221335903f9286ca71
Ebay Magento CMS and API suffered from a cross site scripting vulnerability.
79dddf1cb7c553ddf29b677cd9a9b41786da11bff0463642c273fbe7690594d9
Ebay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.
6a48404cf1eebbb0f5b22ddcaa8f5c2dae1874b532ef5baa0057bd698d548ad4
GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.
7256456084495a4dbe3a66cfe151aa2d0781d6b24ed4d1d7335c61904ecd970c
WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.
6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8
Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.
85418d5d6e75f156c9e54a0e8d83c42c375ef65d5592db9ab51ada3a7746d9f6
WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.
f3d2ee0169a4862b50a26f4db64ebb0dd910007cf1db21e531bf128f5fd07b11
ProFTPd version 1.3.5 remote command execution exploit.
33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9
WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.
ea15e9b2d9dd075be1540595aba9beb5f09e85bb2b6295eb3c61de9681bde77b
PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.
b210515168778f66be7b43848af94d8ab68b509ccefdebb2e6027e6451d59008
WordPress Community Events plugin version 1.3.5 suffers from a remote SQL injection vulnerability.
70c4d2ad7fac8ef6eafa221405685f5b06178fda04b4836ca54fa6d07950996d
The WordPress SlideShow Gallery plugin contains an authenticated file upload vulnerability. You can upload arbitrary files to the upload folder, because the plugin also uses it's own file upload mechanism instead of the WordPress API it's possible to upload any file type.
9a7da5312dab92d7b283154818127736540719c6ad6ac81ce02c41aa922cfeb6
Sites designed by MediaSuite.ca appear to suffer from a file disclosure vulnerability. Note that this finding houses site-specific data.
d1c2b8dfa6337ed1c63d44afd525ee484513b4d9af978679cddb553a633fcd34
Free Text-To-Speech version 2.0 suffers from a cross site scripting vulnerability.
46b05a206f7a1a4cbb0efcc61e5ac4f5fab77e9774ef23670eef275f70851f35
This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
0261f65421dd66c2140dc4d01ec869ffa16a08028c90426650ee76ecbe40cc47
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
66a2afe428abc2bc5fd7a07e29076cf8d642726dfba85da1125d083fa522fa6e
This Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
06defc0f9a3b1e41269ef7d6c96eebcf75e56a0475dd25a9e1826f8f400e3fd3
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.
f67d354bf1423deeda6860a5375cc709458e085127ee4fde423e1181e6630458
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.
99dafcf218991769dca62fedd1f31fd6083ce929bdd0f494ed3fe6bdff34ddcb
Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.
838f6b6bb47ee54cd93284f806f636dbf53c9df7899e9dd5db885f98f9535dc9