Ziggurat CMS suffers from arbitrary file upload, arbitrary file download and cross site scripting vulnerabilities.
874c7427aa7a2638495b9b9d17e8d673ba082f4f464b3eac71f80f396b23ddab
Mocha LPD version 1.9 remote buffer overflow denial of service proof of concept exploit.
099a4af3c61fee3a7ffb30879dc26ba970befd43bfd5048944193ce77f98beb0
The cross site scripting / input validation vulnerability in Apache OFBiz can also be leveraged to run arbitrary SQL commands. This archive contains two JavaScript proofs of concept.
869b4a38f24b51ae270bb2efcdf64a5e06a74983af574cc256cfac9b7319620a
Zero Day Initiative Advisory 10-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Preview. User interaction is required in that a target must open a malicious file or visit a malicious page. The specific flaw exists within the routine TType1ParsingContext::SpecialEncoding() defined in libFontParser.dylib. While parsing glyphs from a PDF document, a malformed offset greater than 0x400 can result in a heap corruption which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
4c922f3c07d9bd10745c111ce1d0a0948f99f2a5a1db6b6e4c416b58d4e77775
Apache OFBiz suffers from multiple cross site scripting vulnerabilities.
5501fd94fda2e20c6ca17ba0bca565a5b103589958224155c187e9a10853c7d5
The Joomla wgPicasa component version 1.0 suffers from a local file inclusion vulnerability.
3a90b41297a1502a2409072bcd97c17096e74c41ee6efea2870d1b6dbb3b744d
The Joomla S5 Clan Roster component suffers from a local file inclusion vulnerability.
b6337b415d10be34a8eb019add76240c5c83f3e7056fb7ce6ad242f1fc1d9d7e
Book Library version 1.4.162 local denial of service exploit that creates a malicious .bkd file.
aec18ad366a51defd2eb60c4f76dd3bc30feb5582c61704726ac04ed620536ba
MovieLibrary version 1.4.401 local denial of service exploit that creates a malicious .dmv file.
010240d121e0a592d49afa1cbc32baaa08092587ddae732a968956cdbddf1a82
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed PNG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
8f92aa33be27270a73febb9b2cbd2e11d06f4d12cba56f22a94c3e7956792f04
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed JPEG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
e9d0702cdbb20963149b9f1501fb1fff56a6ebb1235cdbfbe481db507d3a630c
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed GIF (Graphics Interchange Format) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2e05145ed434a8f30e848a82a72d218f5439cc00fd76742b6735da9062bc4495
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a buffer overflow error when processing malformed BitMap (BMP) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
c6cd8e23bde2c887f4bffe1411ad48c08b9a0b2efc7ede2c7418a28d8b0c674a
VUPEN Web Vulnerability Research Team discovered 27 vulnerabilities in WebAsyst Shop-Script FREE. These issues are caused by input validation errors in various scripts when processing user-supplied data and parameters, which could allow local file inclusion, SQL injection and cross site scripting attacks.
579654776cb543312df85db518c209df4b6f760d61838499c5d37ef57a0756e4
YUI Images Script version 1.0 suffers from a shell upload vulnerability.
526af09a830f2d0cdc9d356f7733e6f4b6e3d9ee4a5c506549ddda6ae6ed5d27
55-byte SLoc-DoS shellcode.
dc1e4d10eaeb1e01cf1c15e9db5b32aa36d027a14e67d579988b8f2b63e254f7
The Joomla Photo Bottle component version 1.0.1 suffers from a local file inclusion vulnerability.
e39651e6e8d8a14ecdbec72053c2aef553db951eb188b525bb1bfc11f7cb1372
The Joomla MT Fire Eagle component version 1.2 suffers from a local file inclusion vulnerability.
e88332505b90f47567f2762a01c68e66718c63b4e74fba5625a7d56da3b2c130
The Joomla Media Mall Factory component version 1.0.4 suffers from a remote blind SQL injection vulnerability.
94d10c7538105f7b68060232b3930c05676c821b0c4989277285c006e781395f
The Joomla Love Factory component version 1.3.4 suffers from a local file inclusion vulnerability.
85e84b365fece2161df5fabdb627e3a3ecd7ac6797209300c52f3cf0db3f7ee6
The Joomla JA Comment component suffers from a local file inclusion vulnerability.
b7ee11adda312fda79e427d20562af6c3da2842ba2c091a45956b09a835d82c3
The Joomla Delicious Bookmarks component version 0.0.1 suffers from a local file inclusion vulnerability.
0c26eb82bc435813c949bf2c7af79e42b9c45849887232a9ab1dceeeadb2b9ee
A vulnerability exists in the SMB client of Microsoft Windows 7 and Windows Server 2008 R2. This vulnerability allows an attacker to trigger a kernel stack overflow by sending a specific "SMB_COM_TRANSACTION2" response. Attacking the SMB client can be achieved by convincing a user to connect to a malicious SMB server. Alternatively, the attacker could attempt man-in-the-middle attacks (such as ARP spoofing, NBNS packet spoofing, etc.) to redirect legitimate SMB connections to a malicious SMB server. Successful exploitation of this issue may result in remote code execution with kernel privileges.
4634330c6b9a740411368733ef3422e5a35456f847e190d753c1af27f8b65e09
A remotely exploitable vulnerability has been discovered in Adobe Acrobat Reader for Linux. Specifically, the vulnerability is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block, which may lead to a heap-based buffer overflow and execution of arbitrary code. Adobe Systems Acrobat Reader versions 8.1.6, 9.2 and 9.3 for Linux are all affected.
f385ef95e1573ac6a4f3c822fd3e9df546151e7422ff23e8cba084c3366032a6
Zero Day Initiative Advisory 10-072 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the Secure Desktop Web Install ActiveX control (705EC6D4-B138-4079-A307-EF13E4889A82). The control fails to properly verify the signature of the downloaded executable being installed. Because the executable is not verified, a malicious attacker can force the user to download and run any code of their choosing. Successful exploitation leads to full system compromise under the credentials of the currently logged-in user.
1f1d2f189d60548d5616e029e9798ad724801d97cc5e244ef8d01ba731375b1f