Adobe Experience suffers from a reflected cross site scripting vulnerability. The author contacted Adobe back in August but the issue is still not resolved so they are releasing details in hopes that Adobe will address the issue. Note that this finding houses site-specific data. Update on 01/21/2013: Adobe PSIRT has resolved the issue and the author has confirmed that this was indeed fixed.
b7ad16292219d69d31c0817f287d4e50149c4bdbd887e0e0e7282fad6aa95478
The WordPress Ripe HD FLV player plugin suffers from path disclosure and remote SQL injection vulnerabilities.
a1231cc70d23013c5b6dcfa56742928cb5e5ed4c728f3a8a3d6241b630481810
The Joomla Collector component suffers from a remote shell upload vulnerability.
1f428d79159db8e42cd96fdac387c73fc558a4ff2f664a62900a19d970b4bf9d
Classified Ultra ScriptsGenie suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
330402dcde17b2be40735b218eeb93c609a2c4bcca73aacc321f5ac416d944ad
This Metasploit module uses the Jenkins Groovy script console to execute OS commands using Java.
d399ceb32f8d20399dd647bec028b96de469f3d117d253352dc348ede3915dd0
SonicWALL GMS/VIEWPOINT version 6.x and Analyzer version 7.x remote root/SYSTEM exploit.
c67e6d05a8d585f1484b8a0f270568483e1cd3458d88448b2156427211649cd6
Novell NCP implementation in NetIQ eDirectory version 8.8.7.x before 8.8.7.2 pre-authentication remote root stack-based buffer overflow exploit that spawns a shell on port 5074.
32c040998e1527dec35f813c9b889b9b37755382c5ac1113f101e0a818d4b951
Linksys WRT54GL version 1.1 suffers from remote OS command injection and cross site scripting vulnerabilities.
c747a4881fe6f7e8e70cf9b1b6b621bdf6fad806004ab724ba2805579af13185
This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.
824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995
SonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability.
a7cdf9ef5dde0b877ce946cd1289e5066843249e2b56404241fd4a4fba9a3e72
This is a denial of service proof of concept exploit that causes a core dump in Atheme IRC Services versions 7.0.5 and below with external logout as expressed in logout.c which is enabled by default.
0deefe5d0febf1e336a91778df62d8aab69c5036818f979f35f7097df18e9150
Invision Gallery version 2.0.5 suffers from a remote SQL injection vulnerability.
ed37d1d30bc5e32cffffe67f79b1076b898251abcbe19d9253a19c72021169a4
This Metasploit module abuses a command injection vulnerability in the Nagios3 history.cgi script.
2d998e6af394b654b4e6c4d7e3889f719c9559d52bd93cdc30862fc829af9295
Cydia Repo Manager suffers from a cross site request forgery vulnerability.
de476f95f33b7e4ed3fc54b3a18c444f99d6ac86819b705cc6c81acd3c57ab35
PHP Charts version 1.0 suffers from a remote code execution vulnerability.
64dbb04aef88e5fb2954ee4818a1aac7de41ecf55f1212bd08d0eddd49109241
The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
593d275e9cad209f5d011018dd31b2516f2313f9799e0b9003a957d008d05c0b
Snews CMS suffers from a remote SQL injection vulnerability.
5775ab0b553da86a1cc2826df674d737c2e06a94325bab1d79b587b314e563f1
phpLiteAdmin versions 1.8.x and 1.9.x suffer from remote SQL injection and path disclosure vulnerabilities.
0040b2134dfa5935dcd304cb28a4d32278bb7672c063c3ca3bef062b3e1fa1a7
This Metasploit module exploits a vulnerability found in FreeSSHd versions 1.2.6 and below to bypass authentication. You just need the username (which defaults to root). The exploit has been tested with both password and public key authentication.
0272e1bc1c0f2058ce2f21fa14e3a0637074e73625db7d48068910d45f94ec8d
Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi.
e9958b0f049ad1bc4400634ee8177ed434f1a56da56c38cae3879f16f2a207c8
ProActive CMS suffers from cross site request forgery, cross site scripting, and open redirect vulnerabilities.
568536e08fe1d3043e92533be68c6b3916ff57e51f21738f12f3c95a131c5879
Calendar Scripts A.M.Y. Ad Management software version 1.4 suffers from a persistent cross site scripting vulnerability.
dbe429afd6de011f44886c21fe1edb326a4cba20b589175b2428e96134dedff6
phlyLabs phlyMail Lite version 4.03.04 suffers from multiple stored cross site scripting vulnerabilities (post-auth) and path disclosure when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and displaying the full webapp installation path.
25a22286a3e4d3870db201532bda79c08d9029a4a99ca5c0e6401a0b64d439a1
phlyLabs phlyMail Lite version 4.03.04 suffers from an open redirect vulnerability.
e2efd1237f90dd37c0ff5bd1942b229f2c99e62152e8cb32996850ddfbd117d8
Ad Rotator AdPeeps version 8.6.9 suffers from a persistent cross site scripting vulnerability.
48c300e005d98feed67fa72d39434f6a96687806617cb2d96317389d6c70eb0c