This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker by forcing a reallocation, which is done by copying more contents than its original capacity. Flash does not update the domainMemory pointer, which leads to a use-after-free when the main worker references domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.
8127f22354b9daaa2681b4e32dbb870d
This Metasploit module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Revolution Slider (revslider) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.
156ad3101d1c589747e54bf76d5a0f07
WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
e852b9ba527e9d29868c110941c97701
WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.
a0c8e159a2f11853051cf2f911ab4867
Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
956d84b58adbd3d0e9b366bb849df648
Yahoo eMarketing suffered from a cross site scripting vulnerability.
e21a258a8b372c3fcefd528b7eeeda7c
Album Streamer version 2.0 suffers from a directory traversal vulnerability.
37e1298dfe7b704bd4660dd9baec1bcc
WordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
b3f5807199cf9c2264400f6b795a374e
WordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
854d8aa6e035bc9bb841486fbf2431f7
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexing and analysis of the data generated during a security audit. The main purpose of Faraday is to re-use the tools already available in the community and take advantage of them in a multiuser way.
a22fa7c7dc3ee49d36da1067a374e720
WordPress Ultimate Product Catalogue plugin versions 3.1.2 and below suffer from multiple remote SQL injection vulnerabilities.
5a4b2e34e5205fddc3c601855b6848a5
BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.
f17a6d937cd142efe664265134965554
BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.
dac220a2f4fcba022ea3e6e6856b1613
BullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.
cda9840973d28f9360a82ae9b7164180
Koala Framework version 3.7 suffers from a cross site scripting vulnerability.
277c429719982b6f1a059d76b14584c9
BigAce CMS version 3.0 suffers from a cross site scripting vulnerability.
3f6d541379163839c0ecdc35afa4d466
Manage Engine Asset Explorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
a8ea4e7d7e34c2ce795986ac29c3b9dc
IBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability.
14a5a911aa04f3ad5e5ff09d71a3698c
Apple Security Advisory 2015-05-06-1 - Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and address memory corruption, information compromise, and unauthorized access vulnerabilities.
bd74877673a60f36f7b986165bded26e
WordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability.
d9e157b0ae33571fa13c8771c165773d
WordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability.
247ff320a0c112cbd3355098a57a011b
gpEasy CMS version 4.4 suffers from a persistent cross site scripting vulnerability.
ef3088f421da384c4cd12b2403222299
WordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
97567eb9adf2f8df4eb066de7d468e3c
WordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
ef1c75d6c95a9725753213ca9c3d7940
TORNADO Computer Trading CMS suffers from a remote SQL injection vulnerability.
578f02cfa203ccebade93c429ebefe42