Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability.
88d7b0cb49729812c8fda28923df10c3
This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.
2287ef968db5103fca3148412e85213b
DjVuLibre versions 3.5.25.3 and below suffer from an out of bounds access violation vulnerability.
2fc2f05de190584d3fb754e225e0b64d
This Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.
8f79ebcf3c681e3fdd8995606de782d1
Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
ee46caf85f37abd2c3b0838eea3b25ad
Ganib versions 2.3 and below suffer from a remote SQL injection vulnerability.
8f69b07b2fc8cb3184db23c82befcb70
This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: The PHP configuration must have 'display_errors' enabled, Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.
aec9a8141849e97ce005dc4486ce99e3
Dolibarr ERP/CMS version 3.4.0 suffers from a remote SQL injection vulnerability.
2b984835498a9ffbac99c39ab995547a
aMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.
799c535c358309c40c005a50d54bffd2
OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.
0dc344af5b5ec5d81c3857ccb8f0728f
ASUS RT56U versions 3.0.0.4.360 and below suffer from a remote command injection vulnerability.
2c5192f474b5bbfca2e912fa585f1827
PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.
8a47292cb45d78061617db6d3fffe2f8
Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.
ab547448d5e955197b1fe4c76b7432ea
OpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.
64d27b831258808f2aa8fe67b0010d03
Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.
6df883bde172ed66055c7172fa4ff6ba