Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.
7c5d287b7285d97c773bd521ba096c6d7155b06570a00ffc57b3294319a812a1
Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112
ZTE ZXV10 W300 version 3.1.0c_DR0 suffers from a session vulnerability that allows a remote attacker to delete network settings and more.
e6b4753445eecdc540f323caf6ddd8959dc3d0dc105d4e6952e16e30eb542b98
eBay Magento suffers from a cross site request forgery vulnerability.
b3c0c736ffb72d43d1fe671c55dffcbc1392deeada1261b19a1a3ef5cb7b4d6c
A persistent input validation web vulnerability has been discovered in the official Magento xCommerce web-application. The vulnerability allows remote attackers to inject own script code to the application-side of the affected service module. The vulnerability is located in the filename value of the image upload module. The attacker needs to create a New Message with upload to change the filename to a malicious payload. The attack vector of the issue is located on the application-side and the request method to inject the script code is POST.
2d046bdbb2f5dbd96eb46e550a4e42059c43e67f2b94273651e0cdfbf7805252
ApPHP Hotel Site version 3.x.x suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
890ce1d4ffe628ac729ca8d7e542f34a6085bef5d2b10be9540e4c255325d05c
A client-side cross site scripting web vulnerability has been discovered in the official Magento Commerce Premium Theme front-end web-application. The non-persistent xss vulnerability allows remote attackers to inject own script code to the application-side of the vulnerable online-service module.
93f9dd7fd63830ad50de3dc317332c7a3e7b19e91c8f617f35ef178a5970df46
WinylPlayer version 3.0.3 memory corruption proof of concept exploit.
788887d72aeca51f9c07a787f09f5f2b971d388afc67b75f0eaa8a3c94812388
HansoPlayer version 3.4.0 memory corruption proof of concept exploit.
20b9090c4b132b0b60d1f278ce6a8efb8bcfa0d4a1e0123be1f206ac25da0171
Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.
397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252da
Vitubo CMS version 2.3 suffers from a backup related database disclosure vulnerabilities.
ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8
WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234
Just A Forum version 2.1.1 suffers from a cross site scripting vulnerability.
f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cd
Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453
SearchBlox version 8.2 suffers from a cross site scripting vulnerability.
c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73c
Symantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.
e6ac92a40468adfad041080b0dc12276912bcdfa8a08e999f17136b0003f5f9e
BIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.
33159b3a9180da99ad88ee3d773bbc6ec6a99088dc5297a33bf65aaf68c6079d
Audio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.
a3a8905088e570ff7fa1984524f21cf56f5f55619ab6518165d24f7c5f880f37
Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.
8471cf9736c040db77b8cbf37badbcfdb3f137f9f3664d06af4cbb5b1d6b2457
4images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.
58c8498e8bf4f00d45c7e52fd8d323c053bb404232140cfc9cb9537707c06ec0
Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.
da17b864a9c9189ea39befb9d3b0dd1691517d8f6afb17b6cddc81e4e0716486
MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1e
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.
f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3c
CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site scripting vulnerability.
3dbbd6127d694b4edcf1b718fd1acdcbca841f4fde9082ba044f21f713cb578d
CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.
b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344