Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.
ff5d7406c17bd8ff7fdbdde80e74244fd325b7101bde127bdef0b679b0c3a63e
PM Software Simple Webserver version 2.3-rc1 suffers from a directory traversal vulnerability.
2663bdc531c6611591adc8e749cdf1a7cf2bc800a1b30940b76d2f8744e04aba
WHMCS version 5.x suffers from an authentication bypass vulnerability that leverages the cache.
d53f2c4012a4d5108946de6ff528b18152a971b4bcf46cfa3468c753a7282f74
This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.
27ad339a1514e347e845b24923cfcd49b2242e7c4f4111ce61e4b88048eb9c3e
Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.
30f1040ff99e0f67f1b77894262c84fd5663126aec547c224447e7db57abf887
This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plugin versions 3.5.1 and below are vulnerable. This exploit only works when the PHP option allow_url_include is set to On (default: Off).
211cc121330742fad11775f13953820e22f2025d773fe3a885e62accdc9e3acd
WordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.
9e1471059686b4e961c8ac940f2e04b1d4052bceac37ae587baadfee1050b3ce
WordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.
53b75f19799c13d11b6607cc9cba345c09e212d55444b7c54c4828de32017cb8
WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.
5a7972cf9303988631377a1aedd2e7506e0f1d4a9da51cc427459146ada8d3e3
Secunia Security Advisory - Joshua Reynolds has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.
efeacb2e22f472178930dbca1fa0845ef1e05df4b4ed0941c642cefc4034ca8e
Secunia Security Advisory - Aung Khant has discovered a security issue in CubeCart, which can potentially be exploited by malicious people to gain knowledge of sensitive information.
c34f648cebc8d969a1cda801c596db8fdd663bd49e8f1e93ea9f4394e37d85c3
Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.
9fea7e7c2fe16cfb3a9128d36a1b6aaba59efe61a9bbefaa6c3c61f46c0330ef
Secunia Security Advisory - joernchen has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks.
c53de4a619ff75ae8990ef1770a8d39c81744c7a1334b41d66e116669fe51ba4
Secunia Security Advisory - Aung Khant has discovered multiple vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.
2ff130923b8d8b0dd7dfba1c0004741cd9b82edbd70ad8b4bb43ccac0ca51df7
Secunia Security Advisory - A security issue and a vulnerability have been reported in RuggedCom Rugged Operating System, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to hijack a user's session.
e639736114594d150e98f600eec77c2052888640a04c1e380aca3ef11c1eafd6
WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.
951abd74837c5df0549439721f23a575abafcc05749422fca7d29dd93f63fd3f
Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
662bab53ab82508f640119860572586ff03692e8b32c59cdb43d90de16c537b9
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Google Doc Embedder plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
1355b85e3fb032f148ffcea35c6bb79fde8bd29c606c78195eae6577c3d2a7b8
Secunia Security Advisory - Two vulnerabilities have been discovered in osTicket, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
be920b656d21cc57f657e490440c753004a928da15a9b442d5d6574e8a140ac0
Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.
773b7fb319c073a4c00909384b60645dea28da3fd585d83a3a36440ff0b98590
Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.
0eda4a18f48435624a5845545ce7bded4867ce8731fbb4a94114a41619146e72
Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.
98023f4d9132db57090088051e5e2ee2e1a8760b86910a9d1265a08a87f0e5c9