Dotclear version 2.8.1 suffers from a cross site scripting vulnerability.
Dotclear version 2.8.1 suffers from a remote shell upload vulnerability.
Open Source Social Network version 3.5 suffers from a cross site scripting vulnerability.
Sitemagic CMS version 4.1 suffers from a cross site scripting vulnerability.
Thelia version 2.2.1 suffers from a cross site scripting vulnerability.
TomatoCart version 1.1.8.6.1 suffers from multiple cross site scripting vulnerabilities.
TomatoCart version 1.1.8.6.1 suffers from a shell upload vulnerability.
XCart version 5.2.6 remote code execution exploit written in Python. Requires an administrative account.
XCart version 5.2.6 suffers from a shell upload vulnerability.
XCart version 5.2.6 suffers from a path traversal vulnerability.
XCart version 5.2.6 suffers from multiple cross site scripting vulnerabilities.
This is a write-up on how to grab a remote shell on Seagate GoFlex home network storage systems.
An improper validation check in Wirecard Checkout Page version 1.0 allows for price manipulation.
ZTE ADSL modems suffer from authorization bypass and information disclosure vulnerabilities.
This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.
This Metasploit module exploits a vulnerability found in Uptime versions 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place prevents uptime_file_upload_1.rb from working, it can still be bypassed to gain privilege escalation, which allows the attacker to upload a file again and execute arbitrary commands.
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9.
Tails versions 1.6 and below suffer from an information leak vulnerability via a symlink attack.
b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection.
OpenBSD net-snmp suffers from a credential and information disclosure vulnerability.
TUDU versions 0.82 and below suffer from a buffer overflow vulnerability.
TACK versions 1.07 and below suffer from a buffer overflow vulnerability.
The WordPress i1.wp.com site can be abused to make arbitrary HTTP requests to other sites.
A vulnerability exists in the way ESET Antivirus manages a shadow stack. It allows complete remote root/SYSTEM command execution on all ESET platforms and products.
Sam Spade version 1.14 S-Lang command field SEH overflow exploit.