The Rackspace Windows Agent and Updater allows for modified Agent binaries to be remotely uploaded (without authentication) to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then be executed after the service is restarted. Previous versions of the Updater (before 1.2.6.0) allowed for unsigned agent updates utilizing a specially crafted .NET remote call to TCP port 1984.
e1432ce56dfb5361bc47edbd2d3c8d08d7d01f9b5dba847ea442095175de0442
NOAA.gov suffers from cross site request forgery, cross site scripting, and clickjacking vulnerabilities. The author has tried to contact them but has received no response.
c1f55ea29ba7cf55838a8a216d2e5c0918b27490eb78e8f438416ea546ac11c2
WordPress theme Blogfolio suffers from a remote shell upload vulnerability.
0c931b3b4993f2838eaf828fbf9b4fe893139876712f077dd94574885dc101c4
WordPress Contact Form 7 versions 3.5.2 and below suffer from a remote shell upload vulnerability.
b67761ce5c2175bb4250fb9167f3ba1deb8c6aba800b8043a638dfabb5cdd524