Ad Muncher versions 4.81 and below suffer from cross site scripting vulnerabilities.
0fa1d8513b69bc1fc286ae4ef31437ee0f3760917a95bc68f2da8de87aa0bf1b
Discovery TorrentTrader version 2.6 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
ad0688c78f2e66e900baeb06f4dc8cbab87853b449b7279500080c27319ce64c
Coppermine version 1.5.10 suffers from reflective cross site scripting vulnerabilities.
be8b73580a130da9b082972278f6af1869440c879e56b3306245c47f80cea697
Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.
13c61e7a043d3a036cdb75753e6390a6e098f6948d02b4ae20043fd0da07cd8a
KaiBB version 1.0.1 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
3609575d4a9376abeae2a1b81bd498e5d35875d4a5a031c3a59cf96a1a9e7511
This Metasploit module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office prior to the release of the MS10-087 bulletin are vulnerable. This Metasploit module does not attempt to exploit the vulnerability via Microsoft Outlook. The Microsoft Word RTF parser was only used by default in versions of Microsoft Word itself prior to Office 2007. With the release of Office 2007, Microsoft began using the Word RTF parser, by default, to handle rich-text messages within Outlook as well. It was possible to configure Outlook 2003 and earlier to use the Microsoft Word engine too, but it was not a default setting.
c781a6b1c954888d98e9d2d99bf09fd7064aa318d76af4eac5e983b427860a6b
DzTube suffers from a remote SQL injection vulnerability.
4c6c169a20a99a67a287274f5dd5a14708780f335abd860180e7f9922bdc9b50
LoveCMS version 1.6.2 suffers from a cross site request forgery vulnerability.
726e20be981d56722f8df943a67f52902b69be74f0a714802ce0a86b8c03495f
Chaosmap is an information gathering tool and DNS / WHOIS / web server scanner written in Python. It can be used to look up DNS names with a dictionary, with or without using a salt. Salting for DNS means it will append numbers from 1-9 to the name in the dictionary with or without a - and _ or a leading 0. Salting for Web stuff will try double slashes and some directory traversal tricks. You can do reverse DNS lookups of a whole IP range (with optional WHOIS lookup) or make a dictionary scan for hidden paths on one web server or a range of IP addresses. Optionally you can encode the path with URL encoding, and with Google dict lookup mode chaosmap will first try to find the path on Google and only query the web server if Google has no search result. Last but not least, it can be used to extract email addresses from domains using a Google search.
bf73d4cb1d32e0df0ecccd0cbb285bf3ff4d17b0920ed02e9651f4a9caf7ef69
This tool helps discover local file inclusion vulnerabilities. It creates a random user agent for the connection, supports null bytes, supports common Unix systems, and more.
0c1637f07029317c9015b1f6d44d3a4c08567372e22ad7436e02997621345c13
Yektaweb CMS suffers from a cross site scripting vulnerability.
4c52f3fb3a8ad5ab5e504bf25d55286e9607ff57b3a92665a332d0b7dc4c03df
PHP-AddressBook version 6.2.4 suffers from a remote SQL injection vulnerability.
699461b0386c5ae9684e0d4dd201f5c9e12adc221d1fe75c3b3dfb2c36c35b83
WordPress version 3.0.3 suffers from a stored cross site scripting vulnerability.
9fb14b53fbb56ffa5270d4dc71d95690a5e6bd33f24cd8dc2302f6ab6ab05158
TYPSoft FTP Server version 1.10 RETR CMD denial of service exploit.
b1a032c7a23e25e191a8ec4affeb06545de872512fdf8c538cfd46edf16d5960
QuickTime Picture Viewer version 7.6.6 JP2000 denial of service exploit.
1b272c90310e2f697d556cc594f9158912fdda2d7ccfccb110c11915e8ced017
IrfanView version 4.27 JP2000.dll plugin denial of service exploit.
e83acc426333f3d230a7b331ef523b100443545f6d3d6007fb5dd3fc15364a7a
Siteframe version 3.2.3 suffers from a remote SQL injection vulnerability.
eee08bed75cbe86dde01afdaad3ef91e331e05032966436d4bc12b0f96961df3
DGNews version 2.1 suffers from a remote SQL injection vulnerability.
d3895df37fd062e432d4d44936591ef08cc8afe61fbc5be2b9b52c37270a9092
TYPO3 unauthenticated arbitrary file retrieval exploit. Affects versions 4.2.15, 4.3.7, and 4.4.4.
2a2b3e4555ad13f58b384edbe8d46660c60151646bfc4b76dba4acdbbd9df710
ardeaCore version 2.2.5 PHP Framework suffers from multiple remote file inclusion vulnerabilities.
457a2767d371d2321b79482da1102c4c91ec0c06d59c00b1bdca19b338355bd6
News Script PHP Pro suffers from a shell upload vulnerability.
65efe74876147eb4b57a978db4c006848440b1f9511eafeca100ee49f8afd22b
HotWeb Rentals suffers from a remote SQL injection vulnerability.
8cb39327a8568ed7be92b8abe0f4a184346e1c420f665f031f8a779ffd5ccc6b
Secunia Security Advisory - rgod has discovered some vulnerabilities in the Chilkat FTP-2 ActiveX component, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
6a6cc501f44e2948515e4b065294a68ae319eb5943009e21d7eceaeb9b91891a
Secunia Security Advisory - John Leitch has discovered a vulnerability in Techphoebe QuickShare File Server, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
ef45afaf047982f1f343294b198714e64f15a4e8fdb6a3ff4cfa10965f8b2785
Secunia Security Advisory - A vulnerability has been reported in LiveZilla, which can be exploited by malicious people to conduct cross-site scripting attacks.
2f27e8af78f3061fe899fc6684ed9260832ccfd233440f97f42031a862d53760