i-Tech Nepal Radio CMS version 2.0 suffers from a remote SQL injection vulnerability.
d1025bd4c1202de1ad50de8a8a3ce98318bb2d479a1f19446a1bf6463fed0877
CompuSource Systems Real Time Home Banking suffers from a local privilege escalation vulnerability.
eb1e66983b629065e937bcc9d3f4d042428232857116f37391fd6d668cdf8fdc
Cyberoam Central Console version 02.03.1 suffers from cross site scripting vulnerabilities.
25723eb7a1086e2370f53a54fa6647c9acdf0499d3a3aba9295cb297b783c6fd
Totemomail versions 4.x and 5.x suffer from filter bypass and script insertion vulnerabilities.
347ed963a8f8484f164328a3c14f97f30cce1083e75ae2e5b8613af5d9932d20
Rough Auditing Tool for Security (RATS) version 2.3 crash proof of concept code that results in a denial of service.
12d7b29ab56ac354a7a7bb73a02be8eab943b3498e0f538c356807a4c3766040
Django CMS version 3.2.3 suffers from a cross site scripting vulnerability.
cd0d8627e3d4f429c5205644da8cc99c824b6ba06df465b5a3f2d52c570dc592
Texas Instruments Calculators Emulator version 3.03 buffer overflow exploit that can use custom offsets.
0261e280ea524d7c2831dd9bd565f7a419d891b1642208d0fe44afae9bd4d78d
Telisca IPS Lock 2 suffers from a bypass vulnerability that allows the locking of any phone with only a MAC address. Metasploit module included.
b6003d594cc09a8801ce447a82f3c84e8fedad95171104c449337ea0d019a587
The Ubiquiti Networks web application suffered from an XXE injection vulnerability.
d645f5c22a117c00797ef6ddd30973f63867c5fa0aab82f98789a422cbf5aa34
Negin Group CMS suffers from a remote SQL injection vulnerability.
ad141442ab12e00b67e2cf9ec428556e760a92c6d787be756cace677a1597514
C and C++ for OS suffers from filter bypass and script insertion vulnerabilities.
329b1aa3f14ffa8cc34a901452d00ed59a2075257c1f02e7647ba5dab1f0ebd8
WordPress Unlimited Pop-Ups plugin version 1.4.3 suffers from multiple cross site scripting vulnerabilities.
943fa2efcfdbec658d83613399d35548f5db42af4a4e46260001e923b0c595c6
WordPress CM Ad Changer plugin version 1.7.2 suffers from multiple cross site scripting vulnerabilities.
0e299b1da211c516c4fe7bf2343d8e5cc837b4ab5a77b90b236816e14876df7c
Easy Social Share Buttons for WordPress version 3.2.5 suffers from multiple cross site scripting vulnerabilities.
effdeb4ba420bf5d84d9ffd442e8582eb66e5fb009165f4955fae709de944263
WordPress Google SEO Pressor Snipper plugin version 1.2.6 suffers from multiple cross site scripting vulnerabilities.
974082355be55610aca2df7ca32907636934fa498d55dbbd1bde0bdba2e9d605
WordPress Echosign plugin version 1.1 suffers from a cross site scripting vulnerability.
6f6ab95679fb960f62775b09e93953ed4e987e91fb68dfc211274f7cabaf63c0
WordPress Tweet-Wheel plugin version 1.0.3.2 suffers from a cross site scripting vulnerability.
8d2914a71d4ff443cfcf79b23168cfe5ec719cbb01f6054d5570aa5be2b3f230
WordPress Persian Woocommerce SMS plugin version 3.3.2 suffers from a cross site scripting vulnerability.
3f9a09db46f20713c6565e00793a5392aa6bb99bdb64b1ef03899523bb44b243
This Metasploit module exploits the HP Data Protector Omniinet process on Windows only. This exploit invokes the install service function, which allows an attacker to create a custom payload in the format of an executable. To ensure this works, the SMB server created in MSF must have a share called Omniback which has a subfolder i386.
3f3ee3bebaadc3f10e4f57cb6e085b314f160caf7c79688ef8fc177c8ea4eea2
This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.
eb65f546694378db27ee102831851f498e62d4fb03e39ac60cfe0233903e6505
phpLiteadmin version 1.9.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
292be8d16f4261cf491c35a9bc824f7659e683907e5529a5962c98fc7707acbd
Gemtek CPE7000 WLTCS-106 suffers from authentication bypass and remote code execution vulnerabilities.
745cfcf489634daa60147be08fb47f037b6814b4b22fc0372c239b663d014cce
A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data.
3a2ce455a8601a1585ae58c370524696afc5c9cf036efab381d9622a8c9decf1
Symantec Brightmail versions 10.6.0-7 and below save the AD password in a place where it can be retrieved.
88d3d8221a33175dc392a1dde9b17ac2dce0186a796efa0efdcc5c79c77bb457
Exponent CMS version 2.3.5 suffers from a file upload vulnerability that allows for cross site scripting.
c4ece7a07c3fa3b38dd0fb113aad54aacd042e613d452d326da6237d70179fcc