Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
d05822677796f7d42a5885b32d014b3e46f07144db1a28c4abd29b4ef4b5fb85
This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.
d05d7429ea70363cecca14474d2edcf047db67733e981e02c510f7d4967caf65
NETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
b0c14dece0ef955428e9b6e9f570ca06da3ba8d664cbb649ec238a4e2091226d
EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.
0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43
This is a PHP script for brute forcing basic authentication. It takes a word list as input.
2c34929a4ee75e635f22f8cd534b8efd1b01310758d6e71dc4bf7d43ccbfac8f
WordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.
ee946745fef274d92410d3a5ad6ce3b5a599ed334d2b42371eea610f180683d6
This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then uploading a mof file, which causes WMI (Windows Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0
RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.
3b0a2b15e86e26905ee913231acbaecfa5ddc1f2eefcea4109cfc8734f8e8c13
This Metasploit module exploits an arbitrary PHP command execution vulnerability in InstantCMS version 1.6, caused by a dangerous use of eval().
f892f3ba804eed45332252715f4d92a0ebdcd7ca8371e0832ec7162473120f06
InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.
58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717d
Avira Personal appears to suffer from a privilege escalation vulnerability.
eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.
a57a2db6fe50d9e301599498e605af858c7f62b49d0e6f59f1d1c1a196cf857a
Easy FTP Server version 1.7.0.2 CPU consumption denial of service exploit that triggers the condition by sending a POST request with an empty body. Written in AutoIT.
5444040cb0c0fc5ebba94c6715a808fd92aca58033ee9f78ebbb2646a8c9747e
SmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.
490e57206bbfaabcb311fd30eaeb013e30240b0f0f106cd454c6062b57aa06e9
TinyWeb version 1.93 remote denial of service exploit.
242e36e9ce450ee2d014a6cc29e51d1b091945a978d90246115388bd0ba9453a
ClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
a568735b6f3205c221aee116bd737215c0b537dd6bb646bc342ef61168392866
This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.
6a00fc56bffca149e62d8602fbecdb81bf01e94e53c11f7eba4da3baed5c74a4
CKEditor version 4.0.1 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.
2c20ce891948eae0f4f51822b52a5828b5323feb467a4e2335e8e988ab6aa4ce
Glossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
2d5417850fab055452a54292f538cc5ad51a4ade48693dde348bc6cc0b306a79
Glossword version 1.8.3 remote SQL injection exploit written in AutoIT.
b1647adab7c95838d52a37152ef0a824efa23e82e75330c6ada125d53919fbdf
PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.
572d1b20768e8331c2b66eac4d6d1dc5cfdf85fc241f40af5ca5afd11e3ac57f
Weboptima CMS suffers from add administrator and remote shell upload vulnerabilities.
fc99f270ff007095d824949c224a7ce7178b34040bce8b1aaa503770f5db42fc
This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user-controlled data from any HTTP GET parameter name.
86b5c1161bf85a443f8e4b8508791a0ee94d2cdae006c712017aee8069f71402
PHP Charts version 1.0 suffers from a remote code execution vulnerability.
64dbb04aef88e5fb2954ee4818a1aac7de41ecf55f1212bd08d0eddd49109241
Business Solutions CMS add administrator exploit that does not require authentication.
fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856