MotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.
50ef5f1a3f0f908dddc8abdea740939f5d9baf76b7b62233a900f21d57fdd029
XML Sitemap Generator for WordPress versions 3.2.8 and below suffers from a remote PHP code injection vulnerability.
392e6bee500cdf72349e1e6a1fa71c23a6256f393a3c9c89859bb4d62cc50e32
WordPress Spam Free plugin version 1.9.2 suffers from a filter bypass due to letting the client define the "comment" source IP address as a variable being passed to the server.
a4bff041963cdaab3664b99e8efe9ad4aed56f50b5b3e27f611f817c324772e5
osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.
f41bccaa0226cbecc381d721ba9315fcf74a7847d74a106ef0094c82852aedce
osTicket version 1.6 stable suffers from cross site request forgery and remote blind SQL injection vulnerabilities.
cd698e414cb67a7c234b27341925e285901d58be5a6e0ad8d597914224f8757d
osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.
d49668d8ebd530b36b21f1defe4f01ce2d5e639b0faa1112f39129e21422710b
WordPress Sahifa theme version 2.4.0 suffers from cross site request forgery and path disclosure vulnerabilities.
f115bac0fb87d670a37616d6226e447df22839805d05c7a1b38d19d31df39ef9
Newscoop version 4.0.2 suffers from path disclosure and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
1f994a8d225a2775ca5787a4cb6f4092b00101fb1d4cb00c69aa00ca9b4e44e2
Incomedia WebSite X5 Evolution versions 9.0.4.1748 and below suffer from bypass and cross site scripting vulnerabilities.
6c4adfb0b186de88cf8aa1d1d84f4ddb0f4cd1d3e8f1f19606cace93970fa3a1
Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
6abb1bda55fdf2a144f85a5781c58e9555df57ab3346329f169d03b28b7f55e7
Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.
831d1c4d5bb5f52d532ddd88097b54985d05095d7c28b49e19626e680e99fa2a
cPanel Pro version 11.32.5.11 suffers from multiple cross site request forgery vulnerabilities.
62e54f57ea468cd7f398a764eb340cade258cb335a001a7ea61badbbad00d34e
Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.
880befa250d4287f9d17efed7dffd5623e713602127613fb7304b05c5fb437f4
TP-LINK TD-W8151N 150Mbps wireless N ADSL+2 modem router suffers from a cross site request forgery vulnerability.
427ec14298c7ccdd86476a0829cf8b76602d498105b951c45aba638947ed5cb6
Drupal version 7.15 suffers from multiple path disclosure vulnerabilities.
da97f6c6b621a645409067c51ab630e17eccce383e667955d67f4fe8018bec3e
WordPress version 3.4.2 appears to suffer from a cross site request forgery vulnerability.
8af686881751d2aa70f5450175099f61552a275371353ead762482baa2fc2edc
WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
f672ffa3fe1c2cdc32145c392c8ccd21e2a5005b5593a62f5cdd4f6628b98a9b
Studio-One CMS versions 1.7.1 and 1.11b suffer from a remote blind SQL Injection vulnerability. Note that this finding houses site-specific data.
5ad28110810d3f7b1fc935a71ea4f62fa3c6db304eb9c0724237c8a7c67db3d4
Flexap.am Control Panel version 5.1 suffer from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.
affb027023e9cdd295090a22d861742d331f68bea85915f81cc6f4a624a6658d
Sitemax Maestro version 2.0 suffers from local file inclusion and remote SQL injection vulnerabilities.
e2f491d67885ede5c96a111fb35eb48b8ab56eaf65ab53718559aefdf65d3442
Fluger Edit version 2 suffers from cross site scripting and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
776957ea2e591ce4de92073c69025a61eb40469401729fc6ccd644600e0fcd1f
Sciretech file Manager version 3.0.0 and Multimedia Manager version 3.0.0 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.
7f0570634cc662059586bc24b8e757681338abfe415fefd46664042dde9f941d
This is a blind SQL injection exploit written in AutoIt3 that takes advantage of MagyCMS version 2.0.1121 BETA.
7bb2ad445113e3b10884ac186a263b5ff015ba59fe813ee16a5c886a16e1e7ef
europ INNET Web Studio Administration Program version 2.0 suffers from cross site request forgery, cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
8b945b66041046c68f9608814b1da5af72c0a32cca28ec9997b10974d6f42623
Shahumyanmedia CMS 2010 suffers from an authentication bypass vulnerability. Proof of concept code included.
6ac8ee86a9dc1a3b5060656cdad5bfd5ebf07f42f98648432dd21f90f0dd5023