DeWorkshop version 1.0 suffers from a remote file upload vulnerability.
bd29e3aa852535e2719dae85d4c08717e81d8bad623a2155767a0a696f10726f
PHP Scripts Theater Management Script version 3.1.5 suffers from a remote SQL injection vulnerability.
7b078f0aab7a2a66cf17189543058a8c95c2a57d6a68173c4c3d20253b6aff09
Online Quiz Project version 1.0 suffers from a remote SQL injection vulnerability.
e5c3e115348cb033a3f2f3d6a3ecbc2b03ebf8cb7142ac4e326e3c9ecbc1de9c
Photogallery Project version 1.0 suffers from a remote SQL injection vulnerability.
448a0404e6c16371f46787a6b1771837f9ee9d6703b3188cb21cf10917befe91
Doctor Patient Project version 1.0 suffers from a remote SQL injection vulnerability.
09f4b34b978f4199020281e8ee8aed7199ab897bb70340602a27fb0eea9d68cf
Food Ordering Script version 1.0 suffers from a remote SQL injection vulnerability.
08ba15bf81db945b4c38376f8db5dbe9cc519aae6fc8d59c18fc49ef2bb9020a
NoviFlow NoviWare version NW400.2.6 suffers from cli breakout and code execution vulnerabilities.
a4f6a2bf779f6bd7fd829bf89764c62f8a79c20d624607782395fb373eae9fdf
This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4
Symantec Messaging Gateway versions 10.6.3-2 and below suffer from an unauthenticated remote code execution vulnerability.
37f1b6a529ab6c3764111b896d422a29e492f65ebe5da8352f145d76955b8e07
MessengerScan version 1.05 Hostname / IP field SEH / EIP overwrite proof of concept exploit.
52953c658567dea2284dd3c2a101f0d516ac5bb26572161b45421e899aa4ba49
MS05-039 Scan version 1.0 hostname / IP field local buffer overflow proof of concept exploit.
7a932bd492c2e9175792c36fa87324386a58a10ce6e5304bcbd59e0b3c685cf3
MyDoomScanner version 1.00 Hostname / IP field SEH overwrite proof of concept exploit.
e2a7918398b3243711c99d06dc98c0a4c1508d04094077d1c50b4029265261a4
DSScan version 1.0 Hostname / IP field SEH overwrite proof of concept exploit.
62e02657b6644e2b9dcc2c15a2732d71736997a2c87199eca88e7e55bcbb780f
QNAPQsyncClientWindows-4.2.1.0602.exe suffers from a privilege escalation vulnerability.
e1e12b2da3ad4a116388e459dccf615a31e67b830ffdf31117e5b0c3910bfc91
LiveProjects version 1.0 suffers from a remote SQL injection vulnerability.
0e2e40910a9b562c020cda663d763fc767cf5640ab56528f88ad87f283c5ff3b
MS05-039 Scan version 1.0 Hostname / IP field local buffer overflow proof of concept exploit.
7ed261a9cd6c2588b6fbb6c0c4303ce017ca1d2d74f3e3e6fdfd7291d9fd4491
The WordPress Share-On-Diaspora plugin suffers from a cross site scripting vulnerability.
8e341bd07e40327393d27cd430547711351c76ae245dc3d8b5f766e668cfa4fd
The included proof of concept file causes the traits of an ActionScript object to be accessed out of bounds in Adobe Flash. This can probably lead to exploitable type confusion.
3405d594903c387601f7c35a33eb5e51b9377962f2e626207f38421835a61d78
Yet another finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
dd744360fbce38a89344c69c4be3fb6e4f8093fc7dd49123ac3567a30791d8b7
Microsoft Edge Chakra suffers from an integer overflow vulnerability in EmitNew.
217713876803ee8fb301be8b412d4b727c8939e79817fecbccb1e394b028e57b
Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability in Parser::ParseFncFormals with the "PNodeFlags::fpnArguments_overriddenInParam" flag.
ca6f74d7bb73cacfbaad6ce8151f2d0f5e6e4bc61b8d7c2982869c76df38af88
Microsoft Edge Chakra suffers from an uninitialized arguments vulnerability.
bc72550bd11b91862b70eeef07245ad2a51ef2e44e79e6ed2a13456c8113eb6c
Microsoft Edge Charka does not handle CallInfo properly in JavascriptFunction::EntryCall.
e95109ebc399b86e728a3585ff62325148e6c790cdf3d57b95b295811bcb7ed7
This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
f1455b5d16426b1fed7f2d0951c0b89d7dd75973cbee4a79240dd19472ffc899
Microsoft Edge Chakra suffers from an incorrect usage of TryUndeleteProperty.
4c976473480db8694122c88cc93c331174a29c45970f7f7a010917b8046b6a96