X-Cart versions 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 suffer from a PHP code injection vulnerability.
5c6af3d1ed388db21242b82fbc516a582dabb01c58afe85edbd84bcdf72fe0b7
OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.
3df000b7a5627cbc2f13686698775fb84026d7281fc3bd4fb07cb5597369b8c1
WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.
bc43e6bb6418aa92b18d68bca69df3a6e940982b9f72175c36b19b217ea91135
WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.
24a76bc6d718c2e56014b480a5dd48a2f4457b3c5a0a2bd4c5ad481bae6cdcab
Sync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.
ec771f88550b94bbe9cfabcdcf4db2ad8e3d37f026bd35777f5551bc63ec5a8e
VX Search Enterprise version 10.1.12 suffers from a buffer overflow vulnerability.
d714a624da49d1d906deb28458ae1d8c8d99fd4de2c5a27596421255c59f38ba
ASX to MP3 version 3.1.3.7 .m3u buffer overflow exploit.
13bc3edf4476c4419e1830011e4cdc53a1186994835ec9c4058070a351f28ea7
binutils version 2.29.51.20170921 suffers from a read_1_byte heap-based buffer overflow vulnerability.
726058e1fb4acb175d2d189367a385fbff745ff2cf8453569cb233dbfb4897eb
This Metasploit module exploits an authentication bypass and a command injection vulnerability together. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to the combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.
533339b2e9cfb58d88fe79c7a17a4f87348ca31165bf2459d2e7dc2caa154258
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
4dca75cd604be2d9ee5f59b3df5a6b97e028b213c809e41dec3862eafa62e6c7
WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
fe442cde72653defe51ab63edea37018252e0e898b0851ee4a61c92bdfdc035c
WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.
ea9d6f445f2db6d613964c18b3a71c4686beb9d26f23bd5d1554ed9afd3ba63a
IBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.
665e3d77d24d49951bde37e7d172c21162dcd49b47021d00911a8a73b5cb5f21
Subarus suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can 'clone' the keyfob, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user's keyfob unusable. Exploit code included.
8458aea19647ae5b7eab00c281b4787845861d674484600df933adb38473f6a7
The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.
53508de2e1b750287c30bbe3c9bca27c1d738c50051878d731c03da7ff37006c
Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.
9f631e5a320e03ca0b355844875e6306ba45407ee002501d9bd563bceca5f8a9
ClipShare version 7.0 suffers from a remote SQL injection vulnerability.
458effd7ae06e9c1dc7b21de9744cb6156b02e2ffacd2d4b076251d0f953baa2
Complain Management System suffers from hard-coded credential and remote SQL injection vulnerabilities.
3be585edded8beced2ec612feb0cfb8328342bd18b5adda9d192b4e72f4c2380
PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.
b666b0ec6aef7328c36ec40f9fdf17f6401c1d474e06d6a020ddf4a4e61a884f
ASX to MP3 Converter versions prior to 3.1.3.7 stack overflow exploit with DEP bypass.
d86f957cf16e5039a87aad4be91f2a154278241986f7d082a41731b957986db3
Utilizing Rancher Server, an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. As the Docker container executes commands as uid 0, this is honored by the host operating system, allowing the attacker to edit/create files owned by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.
cedd93ec70ea235aa99b19084d79514a56ad7dd7b2451baa00221a0a6edf4952
This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.
6b95d890105219958f616c483516ec8ac37b8e04b1fd345dac0b2ebc8176073c
Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.
4f975ffb94cadeb9b86881ec0afee39d875da87033f9c6822af9146e5a9a4d61
Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
ca71842cb4e74173030f211999d389dfe2a9a3c19eef8bf22a35b124a45d5cc4
WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys, allowing for eternal use.
a00c295b2439bee4a8946da0bc86cb2acf8c5173fdf2b8e9ac7d765537d6f141