ComActivity version 2.14.35 suffers from a cross site scripting vulnerability.
811f05821587559d1d5b5dfda3115d93ba677e4524b0e3cfec7d39332bac3a40
Oracle Outside In File ID library version 8.5.3 suffers from a memory corruption issue.
9c8ae6dc6a9a6d7b3b12479fd7a07ef5b5ceea818473f03193e8c865a379ff34
This Metasploit module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the docker group.
21635da937bd87b43dde24314b9ad467daff6d045814c41f0388dc2c1020eeb3
Oxwall version 1.8.0 build 9900 suffers from cross site scripting and open redirection vulnerabilities.
a4c32ba0454c27f760c02f058d4510e06c897d4884125228df497819f6da4eec
MyBB version 1.8.6 suffers from improper validation of data passed to eval allowing for the disclosure of the database password.
3d6c1ec3482077a352cb0a1a11260b9058bbaaeece23cc1c48d42e8cd4fedab7
MyBB version 1.8.6 suffers from a remote SQL injection vulnerability.
578a8a6a42f1e722099b1d3ca87e3226ef2457eef8e1c59405a504c20e3f5b73
MyBB version 1.8.6 suffers from a cross site request forgery vulnerability. Additionally, it stores passwords using weak hashing and sends passwords in clear text via email.
351e86f1c83bf425eb67931e6cb7d4733f09eb3e132c0c56808dd7f55ec4eb09
Kajona version 4.7 suffers from cross site scripting and directory traversal vulnerabilities.
ed67e0114d9c33fdd1a3636f58d44dd22b21cc8994dda5e7185b29e8a676784c
Peel Shopping version 8.0.2 suffers from an object injection vulnerability.
f8e546fb1b2fb0fa264d9960e43b71446e3c9db90f144f95349ceefefa2e21d7
This is an additional EXTRABACON module for Cisco ASA version 9.2(3). This does not use the same shellcode as the Equation Group version, but accomplishes the same task of disabling the auth functions in fewer stages/bytes.
b48c246e5c9d0e2536c96945fc13c72466f5ca13beb249ed401f73eedaf53ac4
MP3 Cutter version 1.1.0 suffers from a registration bypass flaw.
99ca49468c2b0873ac3f4c1a3263cc0c733ad1d60e29c4f2cd85be483c4ee3c9
AnoBBS version 1.0.1 suffers from a remote file inclusion vulnerability.
4c11842d58ef08fa53b6dad979d774aeaffbe2f8389350ae85d0e91ea4ec6dd6
BINOM3 power meter suffers from cross site request forgery, weak credential management, information leakage, and cross site scripting vulnerabilities.
da90f0253119dee9efcf642299ab65df9fc9b9a14cd008de6f27108d78d99c7c
Apache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes one OGNL expression as a parameter, and this expression is executed when the method "find" is called. This class seems to be used only in the JMX MINA component "IoServiceMBean". When the IoServiceMBean is exposed through JMX, it is possible to abuse the function to execute an arbitrary command on the server.
5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74d
This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10 minutes to execute.
538ce6a834dffd6d9e669ab16ae984c12556d38cab1d2870f6bbbd5bc570cb23
Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.
ed4af8b74667a82a5e98bb51f2fba7e957bd5c72c053429d6de82646b744cb56
ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.
dcdcb2b75c0284cb708af0e9f786968b3347b8b5d0a0914ab6939ef508380ad5
PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.
833c62176b378d25b4bb3217d9ac7e9b9d1544e1f72f511ed6bc0bf04f288d96
Bezaat Script version 2 suffers from a remote shell upload vulnerability.
deac276f862436d000fd9e40fb444322456cb14fc468456ee75425acb2115792
Bezaat Script version 2 suffers from a remote SQL injection vulnerability.
f7543b385c7de6c651fac0838df731683cc5ae7045b0102b68f2d852c71b3087
Mum Map Edit version 3.2.6.0 suffers from file manipulation, passing of credentials in GET request, remote SQL injection, and other vulnerabilities.
6c295fdd7f7a3b1e1dfbccadbc6b1e541384fbabed8441cf673d86b21c8c8853
Siemens IP Cameras version 0.1.69 suffers from an arbitrary file download vulnerability.
01a780afd8f5d501bd59f3b099b6a25268b9ab5bf3b7d184618330f109b16376
WinSMS version 3.43 suffers from a local privilege escalation vulnerability.
e97b6167bf71488906ab8afba1333eb7e3ee2282fb54aca77ef426faa7239259
Microsoft Internet Explorer version 11.0.9600.18482 use-after-free exploit.
0e3af4b4a6dbce4ae5a6cba4e7aaaba1d681fb748ed27e9320ff2812bf7d01f0
Multiple Icecream applications have insecure file permissions that allow for privilege escalation.
32383b205f0751a95a6ee956fc1c76a9d7441a8599a420ea8d90e54cb72f22cb