This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker by forcing a reallocation, which is done by copying more contents than the original capacity. Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE 11 with Flash 17.0.0.134.
35afddd5d3435bc9a7d573d702fbd4a8ffa05be42f3a36a7f8f99095dcaea8ed
This Metasploit module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Revolution Slider (revslider) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.
0fbb334e5498746e566613a7bedd0b311865d5026d317222330026d031c9dd85
WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
38b043d0ddd6274052aa3b2235c087b0a5f86ffbd8a74ae736c9855251b13cd0
WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.
ecaa20fa237cb0a8aa083981c48b64cc3785f441002a277f54d0ce324677ced0
Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
5420aba52d2da4e16371bae00da42618bd4a585a57ebdcc3bb728104c84e8eab
Yahoo eMarketing suffered from a cross site scripting vulnerability.
3bacff349693e5ea813834e701aade59652625f85083bb51b8ad8288a57cc70f
Album Streamer version 2.0 suffers from a directory traversal vulnerability.
995d2525bb3241f1583292b68d3c8c8775795290d25f56847b605bfdbe66e42e
WordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
e306dde4e30a050baaee377e244ad54d920791bdf5e7dd8e595b3a7eaca44b37
WordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
47910384921948b511a328ff8006171ac9d2ec58cab3173c9f2b6b746ca631eb
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
75029b8d4d531fbdfff18bd0e3ee54ea38df3769050cbdc44c4ce4d02f4960f1
WordPress Ultimate Product Catalogue plugin versions 3.1.2 and below suffer from multiple remote SQL injection vulnerabilities.
a02ef720dd359a3d52d92fb498b5e55a1386cf0896a4bf4b869dc635ad52f563
BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.
5112dee77c43095b3a49dcb2330e479154fb9f8936b7496f27a233d75f4262a3
BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.
e518b0247ad14e6664301878be74b7d5aa34d98c7e9b836f279738abe34a4d3b
BullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.
624206bd9c6a51e8ad271d67e4899a42171ca6df98a67470b32466dea534dd22
Koala Framework version 3.7 suffers from a cross site scripting vulnerability.
fea3eace4bbda92634460b64d395d7f0f99c59a8245fd90338fc6d34bc6ee31a
BigAce CMS version 3.0 suffers from a cross site scripting vulnerability.
8f572ab6f103e93d3874e315dc938ee02140a8b6aa7dd8cae48a26bed59ca897
ManageEngine AssetExplorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
195e2f680ce1f1256efa4ca7d96a6455fb8bb335560c4ad2d9e348c0cd79ddb7
IBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability.
c25c7d382ffcb40fc33d6e489077245c3549a3c7e04bdeda6e122b3e02b6e336
Apple Security Advisory 2015-05-06-1 - Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and address memory corruption, information compromise, and unauthorized access vulnerabilities.
e609569d25d389b25e5239f45be52c05969d8953e40e3f411986f8d182370607
WordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability.
93a37a3f6c8cd7835727b35ff9f366aa8d7618f1100f189372ad0bcabda4d158
WordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability.
12d35576d9a9ec9f31a2b35395b82f006d16733e9bc13724d99127eae3ebc9ee
gpEasy CMS version 4.4 suffers from a persistent cross site scripting vulnerability.
8f52cba5c22c60add1d64b7fc341bfb581007b33aaf8e37c00b2e1950dbf2196
WordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
fc4d07d0daf390ca0c72e3db173c0a59ad0af1b9efa29d6fd45e91a1f202d286
WordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
a8cef952b6cc90193465ca3ccb8b29e293b5fed101d0cdff61fab9964921ee33
TORNADO Computer Trading CMS suffers from a remote SQL injection vulnerability.
ec27ed266ac42abd26a4054c7c53d05ffd693066274b40035240811e03f82795