The moderator edit account functionality in Vanilla version 2.0.18.4 suffers from a cross site scripting vulnerability.
Vanilla version 2.0.18.4 with Latest Comment plugin version 1.1 suffers from a cross site scripting vulnerability.
Vanilla version 2.0.18.4 with About Me plugin version 1.1.1 suffers from a cross site scripting vulnerability.
This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works on Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.
This Metasploit module abuses the SVG support to execute Java code in the Squiggle Browser included in the Batik framework 1.7 through a crafted SVG file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.
PHP version 5.4.3 code execution exploit for Win32.
HP VSA remote command execution exploit.
SkinCrafter ActiveX control version 3.0 suffers from a buffer overflow vulnerability.
Cryptographp suffers from local file inclusion and HTTP response splitting vulnerabilities.
Division 6 IT suffers from cross site scripting and remote SQL injection vulnerabilities.
Artiphp CMS version 5.5.0 suffers from a database backup disclosure vulnerability.
Artiphp CMS version 5.5.0 suffers from multiple POST cross site scripting vulnerabilities.
SiliSoftware backupDB() version 1.2.7a suffers from a cross site scripting vulnerability.
SiliSoftware phpThumb() version 1.7.11 suffers from a cross site scripting vulnerability.
FlashPeak SlimBrowser version 6.0.1.38 suffers from a denial of service vulnerability.
Unijimpe Captcha suffers from a cross site scripting vulnerability.
Axous version 1.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Liferay version 6.1 is vulnerable to JSON-related cross site request forgery attacks. Proof of concept code is included.
Some SVG specifications, like SVG 1.1 and SVG Tiny 1.2, allow Java code execution when the file is opened. Proof of concept code included.
Liferay version 6.1 suffers from a vulnerability where it is possible to retrieve the names and email addresses of all users. Proof of concept code included.
Liferay versions 5.x and 6.x suffer from multiple cross site scripting vulnerabilities.
TunInfo suffers from a remote SQL injection vulnerability.
Liferay version 6.1 suffers from a circumvention issue when restricting access to IP blocks. Proof of concept exploit included.
Multimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.
WordPress Track That Stat plugin version 1.0.8 suffers from a cross site scripting vulnerability.