Microsoft Windows 10 suffers from a pcap 10 local privilege escalation vulnerability.
2a6f71e6ea24ffa95d665c29a163c5427a3aee51bf40142dd284a6ecbe29183f
MacOS X 10.11 suffers from a hardlink bomb issue that causes resource exhaustion.
4058ea8977e433e0872ba59dabcc96a98e1a41577ee9392d7c6db485784a1396
The MacOS X 10.11 FTS library suffers from a buffer overflow vulnerability.
6e8afd8414e594a1c22b90fded2505f57393097d961dbd2f8a8dcd3ab5996ea9
Clipbucket version 2.8 suffers from a remote blind SQL injection vulnerability.
0879e22ea741f95b1974da688f9ec493df631683872484513b7c5a4f3f884f8c
Virgin Mobile suffered from a cross site scripting vulnerability.
c5ae7da77839cb9f55f99e5d57ca2c178ea7e41013c27624b2797528dc9698bf
Winamp Bento Browser remote code execution exploit.
10340d4929422ca8dcaf401b8098025130e2999b595b8d166b2e549c77c4ef71
The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
047a0c2fea9daff58d424e91c2902c98b106fa3fb893e43fbb2aa3fcf6462fb1
In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.
9ce25e64b927af84c807e90aff34d53a6d9d3e37334d7f8087944eb2e190924f
Realtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
711cc873d9f03c97d0b1aff0b9423799ea4457bd355199d1d787cb915373136c
This proof of concept exploit allows any attack to reboot any CX9020 PLC and add random (Web) users to be configured.
e9c12da930af4ff1905dfad1e33339cdaf3ba7a5fbb4f3b0eb58ec445d1ad02b
TeamSpeak Client versions 3.0.18.1 and below suffer from remote code execution, remote file inclusion, and directory traversal vulnerabilities.
0f1f28ec7d178ae2c06e6cef9201c86e88856619c37624414d85b53ac8c1c798
Microsoft Compiled HTML Help remote code execution exploit that downloads a malicious file.
f4dc71da21f607ff9cc2c465a0b85603953ff83391f6e202d6235c9186f0f389
Subrion version 3.x.x suffers from various access control vulnerabilities.
62768949a23bcb01a340e14b69cadd8ee0b7efefabc11cccce4ab1fb165617b6
Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.
7df623023a7204002b65855afccec136cda0d1a4a5470f0bb205626f4b1824fe
AlienVault OSSIM version 4.3 suffers from a cross site request forgery vulnerability.
070be2bd3bbec9a09484c82f4dfab63895888bf9f5181660c7a06235ad2250d5
The World Browser version 3.0 Final remote code execution exploit that downloads a malicious file.
31359c9c17043d8c2e045d3a8fd263978d1aeba799e30d7f647055a1579eeca6
HTML Compiler remote code execution exploit that downloads a malicious file.
317e8b8ffb24b8c80a55e79508fcdc36cf5b620e1b361a2a7dd28d2b251903c1
SiteWIX suffers from a remote SQL injection vulnerability.
ce2689d63edc3530f187eb722b672751ab937aa7fdb4958e2b269cdc34c0d585
HandyPassword version 4.9.3 SEH overwrite exploit.
28360e0ad91ef5a4ef9bb77809020a4456e4efe303701827b765fc1df5e11c26
Avant Browser Lite / Ultimate remote code execution exploit that downloads a malicious file.
5ab2d67e6149f8c3a415bc81bde315dcde4c9dd1f891a0bb494efa79823cf472
This Metasploit module exploits an information disclosure vulnerability found in Zpanel versions 10.1.0 and below. The vulnerability is due to a vulnerable version of pChart allowing remote, unauthenticated, users to read arbitrary files found on the filesystem. This particular module utilizes this vulnerability to identify the username/password combination of the MySQL instance. With the credentials the attackers can login to PHPMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it leading to remote code execution.
e2a78006f6a2c8dd9641e9a3343f7060a143d27b5463d94361969f139f4f5d48
RealtyScript version 4.0.2 suffers from multiple time-based remote SQL injection vulnerabilities.
1f3e785774f832fdf7b1357440cab9156e77b9370708776c8323b95ad53d9a77
RealtyScript version 4.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
52e7d360f908ff7c5c99d64a09ae2d854f6620a32eea4ef65b1e618bb124d744
Belkin Router N150 suffers from a path traversal vulnerability.
1e7e9c221d65bf47b17103e6063504f57866728b11efe314d4c68fa4d520d8fe
VLC version 2.2.1 libvlccore .mp3 stack overflow memory exhaustion exploit.
4c382ebce335d9a7668cb69e58a670fd8e9a5aaa3a62593ac3fb8685d10f39d0