FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.
6562b200ed6f0101fff5117229054f71cf3af90934e4ca91e22b9087a53116ec
LinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.
fb5510a4e8241f843f5f5647141f946a2f3127a5a149a226a545326bfffff821
WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
dab9719c8bbda7fbb1bd873063f790d3b7aeb28984b3a0ff28b38002c26621b1
BSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.
96bc6b623e2246e2153eaae563245037e96717a2892cddb0b082e2b39ab7c6da
Dogma India dogmaindia CMS suffers from an authentication bypass vulnerability.
e83e7863e16b666b0fa577c942a5232b031229a84ba725a9bedf9a2cb44b6929
The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host make it possible to execute the copied script host and bypass UAC warning messages when the UAC settings are at their defaults. Both ZDI and Microsoft are aware of this issue. As expected, ZDI didn't accept the submission because it's not a remote vulnerability. Surprisingly, Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable; Windows 8 has an embedded manifest and Windows 10 is untested.
221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7
WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.
bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586
ZSNES version 1.51 suffers from a buffer overflow vulnerability.
ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ec
WordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.
a2cdab0c11366b52adaafd94afcce39eacb22aff6f7f1ff06b4f931c4a631ffa
Magento shoplift exploit that adds an administrator account. Flaw originally discovered by Check Point.
a0b1053cf090b751b7847bc8312657f3d98e988645e6d4a2d846df5e19b0cf8a
Microsoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability.
71aae25eeff40a890630b5def4b9a4c33395e8cd48b05b1af664a30be591e023
Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.
fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296
Page2Flip version 2.5 is missing an access control, which allows for information disclosure.
4d58d05abd8782f6ea8e55b951adbc39826bfb054bc42cad328a0157a2cf0cf3
Page2Flip version 2.5 suffers from a session management issue that allows deleted users to still log in.
3dd3826320edfc3d9787b04d941d218aa5fcb2d184361a4c7704cfea80c20ef4
Page2Flip version 2.5 suffers from an authorization bypass vulnerability.
81eff9c8072a47333a722737d210492a75a50e881af03b9fbb7745d495b77d5c
Page2Flip version 2.5 suffers from an insecure direct object reference vulnerability.
88377ffbd2ae0e8c6494acd84244a8d80fc28f3b4cb5e706a672ceaab14433b9
Page2Flip version 2.5 suffers from a persistent cross site scripting vulnerability.
a80dbfc906c92033fe34653626d3672fe4672f10582601c6398132ae3406a17b
Page2Flip version 2.5 suffers from a cross site scripting vulnerability in the create user functionality.
8c4a6a8c8fb7c3e5d54cac7cab64b3e9ec1fd020d73d675cbf2229ba4b628693
Page2Flip version 2.5 suffers from a denial of service vulnerability.
d605475e023fd099f6ae5991a6c9dc8b5175e3d6115f0f5e24bdef720b8b65c0
WordPress Google Analyticator plugin version 6.4.9.4 suffers from cross site scripting vulnerabilities.
7f7523e430b3afce63313d41c2b6e4084ef335223ee61e6f6fdb35a34d45f768
Netop Remote Control versions 11.52 and 12.11 suffer from hard-coded cryptographic key and insufficiently protected credential issues.
bd92784b38a1c301a6674b12b72e327934aa4b895b78f8ea87bbefcaaebfb4a3
Pligg CMS version 2.0.2 suffers from a cross site request forgery vulnerability.
e8df6ea13dde593af7dce761b232c1d61d5a0fb061392ea66d9fa5a7ea0f440d
ResourceSpace CMS versions 7.3.7009 and below suffer from a remote SQL injection vulnerability.
f8889e00ce3b0fba310c27b4671a53d11f1156966615698aad1a1d3558bbc703
This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
c7380b4bd424349eceddb0191b851de4ff91a0a5afb8b3430ceffce5b834c992
WordPress Googmonify plugin version 0.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
06c403fcedb1a7fd5d3e040288ea006db2072b20c5136ce9aea6ead2c5f43109