Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.
7bdfe59dc30a3b71753bd3a33281c2051ca69929c42f568988b546e2de5d4ccd
The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances the retrieved file is also deleted. Versions 7.1.1.17759 is affected.
c7fba25e82be748cfef6834fae314b9c87f9647ed21ced05ff757e5a06e0bb5f
ADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.
05f57d5729d25c00164ccfa74bfb76fe4328bb79a10efd4cf3e895cd21b26843
WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.
4766ca76e4e167f91e8d6586e49ab8b197c4767255485e74d57daa27c79079ed
The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.
179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87
WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.
f85ae4ff7e5349a8c27498d31e4740d3b651ac5a808ca4756f703363ae30f397
Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.
8b8206b45dab552c0adf67970b3e4fcfdbb4fc7e2eb2c3e21b6e0df9e621e2d3
Wolf CMS version 0.8.2 suffers from a remote shell upload vulnerability.
4990d8207294db847c52a10db69b2d36845054777429b586fc9dc3d039882413
Nodes Studio CMS suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
48c4b8ee1b1536b0509531c834ad18f7f741a4940839a87127f8f0668b6c019a
ProFTPd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands allows these commands to be used by unauthenticated clients.
906b064525d55e5b1133812165abc4af404b78a47f8824d1d53e9802f8d546ff
WordPress WP-Mon plugin suffers from an arbitrary file disclosure vulnerability.
4d1770940cecf45c0e9b92a8e2c05a7ec722c48648c44835feacd66a4247719f
Oracle Hyperion Smart View for Office version 11.1.2.3.000 crash proof of concept exploit.
bb69d53198e80e76ff0eca4eb90e217e462a2cec929d7d3170521851e6381dee
WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.
fd61a90ff71456bbb57803a78ab4b9979a249f8fe9d9954c7d0fb7e5c79ff6de
This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01
35d9cdabfd053fc6c2ff7f2de254f832a73dc49048156c4f453d8ba4b3f21bc9
Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from multiple cross site scripting vulnerabilities.
23d7a6ced961a189c2a32abecdb8ca98c500a122e3542a1ccc4efa230928e57e
Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from an XML external entity injection vulnerability.
c7c2407779c7f1a975e407883855dddb3f3c26e41f43b310f77c4493aaafe71b
Comsenz SupeSite CMS version 7.0 suffers from a cross site scripting vulnerability.
691f7c89b1caa0472c8a9be37459934f77fb1772af283aa43f8a6085dcae26c0
Opoint Media Intelligence suffers from an open redirect vulnerability.
97726adab38a15cdc9d6396ef6393518664b286821d2b8b6a2235a7c8ff95f2c
Webs ID suffers from a cross site scripting vulnerability.
aaef7499cb1976d0bbee37571ec5fba3821d04da8aff958ec521f45274f8f211
NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from an html injection vulnerability.
431273588a8007d8827bc1ced3c02b81d49af8135143df355265d68abb2c4abf
NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from a directory traversal vulnerability.
e33e315fb4f1085ac945c6ef7b991ad9217af60eb79756cf09747d1d6ddd857c
WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.
7417199952c4f4c2dfe0f63ea7723e48742cb4ca58d9e91e2dd4096de4abde78
Apache Spark Cluster version 1.3.x suffers from a code execution vulnerability.
fa52b7d291365e260eefbd50b902865d8d250fb29a92eebfc41a473b27334295
Microsoft Windows HTTP.sys proof of concept exploit for MS15-034.
b962eb94796643c1f7df4412502d1acc226c3e768498d683a56c3660db367cc2
WordPress MiwoFTP plugin version 1.0.5 cross site request forgery arbitrary file creation exploit.
52e296db0149040e684713523900dd03290ff51cb9294f283bbdac2f84f82b1b