Happymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.
2160d0ca9967b7f3be732542f6b644d9b3909f0a8887c019ce26db04d69ab92d
Owl v0.71, the multi user document repository, fails to actually authenticate a login name given. If a completely fake login name is passed, an attacker can get in without any valid session id.
03f9bd851bb279e45b8bb81e862206499d29b6ff1c7a2b6bf67e4d7c8450af8f
Poster version.two, the PHP news posting system, suffers from a vulnerability in the index.php file that allows a user to edit their account. Since the user is allowed to change the embedded information in the code, they can achieve privilege escalation to an administrative level.
dc71044533eb04ee5b535377f6bf7916a5d9ffba89345827b2c427c81a5b49dc
Putty v0.52 and below remote exploit which poses as an ssh daemon and will bind cmd.exe on port 31337 of the victim sshing inbound. Tested against Windows XP and 98SE.
eafb21d90b54269b8a8b5aba1dbea160f82668e29aadfa66c25daf5443e53fc9