DB: 2016-03-21
1 new exploits

IRIX Multiple Buffer Overflow Exploits (LsD) IRIX - Multiple Buffer Overflow Exploits (LsD) Oracle Database PL/SQL Statement Multiple SQL Injection Exploits Oracle Database PL/SQL Statement - Multiple SQL Injection Exploits Wordpress <= 1.5.1.2 - xmlrpc Interface SQL Injection Exploit WordPress <= 1.5.1.2 - xmlrpc Interface SQL Injection Exploit Wordpress <= 1.5.1.3 - Remote Code Execution (0Day) WordPress <= 1.5.1.3 - Remote Code Execution (0Day) Wordpress <= 1.5.1.3 - Remote Code Execution eXploit (metasploit) WordPress <= 1.5.1.3 - Remote Code Execution eXploit (metasploit) Barracuda Spam Firewall < 3.1.18 Command Execution Exploit (meta) Barracuda Spam Firewall < 3.1.18 Command Execution Exploit (Metasploit) HP-UX FTP Server Preauthentication Directory Listing Exploit (meta) Microsoft Windows IIS - SA WebAgent 5.2/5.3 Redirect Overflow Exploit (meta) HP-UX <= 11.11 lpd Remote Command Execution Exploit (meta) CA Unicenter 3.1 CAM log_security() Stack Overflow Exploit (meta) HP-UX FTP Server Preauthentication Directory Listing Exploit (Metasploit) Microsoft Windows IIS - SA WebAgent 5.2/5.3 Redirect Overflow Exploit (Metasploit) HP-UX <= 11.11 lpd Remote Command Execution Exploit (Metasploit) CA Unicenter 3.1 CAM log_security() Stack Overflow Exploit (Metasploit) Snort <= 2.4.2 BackOrifice Remote Buffer Overflow Exploit (meta) Snort <= 2.4.2 BackOrifice Remote Buffer Overflow Exploit (Metasploit) WzdFTPD <= 0.5.4 (SITE) Remote Command Execution Exploit (meta) WzdFTPD <= 0.5.4 (SITE) Remote Command Execution Exploit (Metasploit) Golden FTP Server <= 1.92 - (APPE) Remote Overflow Exploit (meta) Golden FTP Server <= 1.92 - (APPE) Remote Overflow Exploit (Metasploit) Windows XP/2003 Metafile Escape() Code Execution Exploit (meta) Windows XP/2003 Metafile Escape() Code Execution Exploit (Metasploit) Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (meta) Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (Metasploit) Winamp <= 5.12 - (.pls)
Remote Buffer Overflow Exploit (meta) Winamp <= 5.12 - (.pls) Remote Buffer Overflow Exploit (Metasploit) SoftiaCom WMailserver 1.0 SMTP Remote Buffer Overflow Exploit (meta) SoftiaCom WMailserver 1.0 SMTP Remote Buffer Overflow Exploit (Metasploit) Microsoft Windows Media Player 9 - Plugin Overflow Exploit (MS06-006) (meta) Microsoft Windows Media Player 9 - Plugin Overflow Exploit (MS06-006) (Metasploit) Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (meta) Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (Metasploit) PeerCast <= 0.1216 - Remote Buffer Overflow Exploit (Win32) (meta) PeerCast <= 0.1216 - Remote Buffer Overflow Exploit (Win32) (Metasploit) PuTTy.exe <= 0.53 - (validation) Remote Buffer Overflow Exploit (meta) PuTTy.exe <= 0.53 - (validation) Remote Buffer Overflow Exploit (Metasploit) RealVNC 4.1.0 - 4.1.1 - (Null Authentication) Auth Bypass Exploit (meta) RealVNC 4.1.0 - 4.1.1 - (Null Authentication) Auth Bypass Exploit (Metasploit) CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit (meta) CesarFTP 0.99g - (MKD) Remote Buffer Overflow Exploit (Metasploit) TWiki <= 4.0.4 (Configure Script) Remote Code Execution Exploit (meta) TWiki <= 4.0.4 (Configure Script) Remote Code Execution Exploit (Metasploit) Omni-NFS Server 5.2 (nfsd.exe) Remote Stack Overflow Exploit (meta) OpenLDAP 2.2.29 - Remote Denial of Service Exploit (meta) Omni-NFS Server 5.2 (nfsd.exe) Remote Stack Overflow Exploit (Metasploit) OpenLDAP 2.2.29 - Remote Denial of Service Exploit (Metasploit) Broadcom Wireless Driver Probe Response SSID Overflow Exploit (meta) D-Link DWL-G132 Wireless Driver Beacon Rates Overflow Exploit (meta) Broadcom Wireless Driver Probe Response SSID Overflow Exploit (Metasploit) D-Link DWL-G132 Wireless Driver Beacon Rates Overflow Exploit (Metasploit) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (meta) VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (Metasploit) Wordpress 2.0.5 - Trackback UTF-7 - Remote 
SQL Injection Exploit WordPress 2.0.5 - Trackback UTF-7 - Remote SQL Injection Exploit Berlios GPSD <= 2.7 - Remote Format String Exploit (meta) Berlios GPSD <= 2.7 - Remote Format String Exploit (Metasploit) FileCOPA FTP Server <= 1.01 (LIST) Remote BoF Exploit (meta) FileCOPA FTP Server <= 1.01 (LIST) Remote BoF Exploit (Metasploit) Wordpress <= 2.0.6 - wp-trackback.php Remote SQL Injection Exploit WordPress <= 2.0.6 - wp-trackback.php Remote SQL Injection Exploit 3Com TFTP Service <= 2.0.1 - Remote Buffer Overflow Exploit (meta) 3Com TFTP Service <= 2.0.1 - Remote Buffer Overflow Exploit (Metasploit) Imail 8.10-8.12 (RCPT TO) Remote Buffer Overflow Exploit (meta) Imail 8.10-8.12 (RCPT TO) Remote Buffer Overflow Exploit (Metasploit) IPSwitch WS-FTP 5.05 (XMD5) Remote Buffer Overflow Exploit (meta) IPSwitch WS-FTP 5.05 (XMD5) Remote Buffer Overflow Exploit (Metasploit) NaviCOPA Web Server 2.01 - Remote Buffer Overflow Exploit (meta) NaviCOPA Web Server 2.01 - Remote Buffer Overflow Exploit (Metasploit) Wordpress 2.1.2 - (xmlrpc) Remote SQL Injection Exploit WordPress 2.1.2 - (xmlrpc) Remote SQL Injection Exploit AOL SuperBuddy ActiveX Control Remote Code Execution Exploit (meta) AOL SuperBuddy ActiveX Control Remote Code Execution Exploit (Metasploit) Wordpress plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability Wordpress plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability WordPress plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability WordPress plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability Wordpress plugin myflash <= 1.00 - (wppath) RFI Vulnerability WordPress plugin myflash <= 1.00 - (wppath) RFI Vulnerability Wordpress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing Exploit WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing Exploit SNMPc <= 7.0.18 - Remote Denial of Service Exploit (meta) SNMPc <= 7.0.18 - Remote Denial of Service Exploit (Metasploit) Wordpress 2.2 - (xmlrpc.php) Remote SQL Injection Exploit WordPress 2.2 - (xmlrpc.php) 
Remote SQL Injection Exploit CCProxy <= 6.2 - Telnet Proxy Ping Overflow Exploit (meta) CCProxy <= 6.2 - Telnet Proxy Ping Overflow Exploit (Metasploit) Wordpress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub) WordPress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub) eIQnetworks ESA SEARCHREPORT Remote Overflow Exploit (meta) eIQnetworks ESA SEARCHREPORT Remote Overflow Exploit (Metasploit) Wordpress Plugin PictPress <= 0.91 - Remote File Disclosure Vulnerability WordPress Plugin PictPress <= 0.91 - Remote File Disclosure Vulnerability Wordpress <= 2.3.1 - Charset Remote SQL Injection Vulnerability WordPress <= 2.3.1 - Charset Remote SQL Injection Vulnerability Wordpress Plugin Wp-FileManager 1.2 - Remote Upload Vulnerability WordPress Plugin Wp-FileManager 1.2 - Remote Upload Vulnerability Wordpress plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability WordPress plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability Wordpress Plugin WP-Cal 0.3 - editevent.php SQL Injection Vulnerability Wordpress plugin fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability WordPress Plugin WP-Cal 0.3 - editevent.php SQL Injection Vulnerability WordPress plugin fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability Wordpress Plugin Adserve 0.2 - adclick.php SQL Injection Exploit WordPress Plugin Adserve 0.2 - adclick.php SQL Injection Exploit Wordpress Plugin WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit WordPress Plugin WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit Wordpress Plugin Wordspew - Remote SQL Injection Vulnerability WordPress Plugin Wordspew - Remote SQL Injection Vulnerability Wordpress Plugin st_newsletter - Remote SQL Injection Vulnerability WordPress Plugin st_newsletter - Remote SQL Injection Vulnerability Wordpress MU < 1.3.2 - active_plugins option Code Execution Exploit WordPress MU < 1.3.2 - active_plugins option Code Execution Exploit Wordpress Plugin Simple Forum 2.0-2.1 - SQL Injection Vulnerability 
Wordpress Plugin Simple Forum 1.10-1.11 - SQL Injection Vulnerability WordPress Plugin Simple Forum 2.0-2.1 - SQL Injection Vulnerability WordPress Plugin Simple Forum 1.10-1.11 - SQL Injection Vulnerability Wordpress Photo album Remote - SQL Injection Vulnerability WordPress Photo album Remote - SQL Injection Vulnerability Wordpress Plugin Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities WordPress Plugin Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities Wordpress Plugin Download - (dl_id) SQL Injection Vulnerability WordPress Plugin Download - (dl_id) SQL Injection Vulnerability Sun Solaris <= 10 - rpc.ypupdated Remote Root Exploit (meta) Sun Solaris <= 10 - rpc.ypupdated Remote Root Exploit (Metasploit) Intel Centrino ipw2200BG Wireless Driver Remote BoF Exploit (meta) Intel Centrino ipw2200BG Wireless Driver Remote BoF Exploit (Metasploit) Wordpress Plugin Spreadsheet <= 0.6 - SQL Injection Vulnerability WordPress Plugin Spreadsheet <= 0.6 - SQL Injection Vulnerability HP StorageWorks NSI Double Take Remote Overflow Exploit (meta) HP StorageWorks NSI Double Take Remote Overflow Exploit (Metasploit) BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta) BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (Metasploit) Wordpress Plugin Download Manager 0.2 - Arbitrary File Upload Exploit WordPress Plugin Download Manager 0.2 - Arbitrary File Upload Exploit CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta) CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (Metasploit) Wordpress 2.6.1 - SQL Column Truncation Vulnerability WordPress 2.6.1 - SQL Column Truncation Vulnerability Wordpress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit Microsoft Windows - WRITE_ANDX SMB command handling Kernel DoS (meta) Microsoft Windows - WRITE_ANDX SMB command handling Kernel DoS (Metasploit) WonderWare SuiteLink 2.0 - Remote Denial of Service Exploit 
(meta) WonderWare SuiteLink 2.0 - Remote Denial of Service Exploit (Metasploit) ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX BoF Exploit (meta) ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX BoF Exploit (Metasploit) Wordpress Plugin st_newsletter - (stnl_iframe.php) SQL Injection Vuln WordPress Plugin st_newsletter - (stnl_iframe.php) SQL Injection Vuln PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (meta) PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (Metasploit) Wordpress Plugin e-Commerce <= 3.4 - Arbitrary File Upload Exploit WordPress Plugin e-Commerce <= 3.4 - Arbitrary File Upload Exploit GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta) GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (Metasploit) GE Proficy Real Time Information Portal Credentials Leak Sniffer (meta) GE Proficy Real Time Information Portal Credentials Leak Sniffer (Metasploit) Wordpress Plugin Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln WordPress Plugin Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln Wordpress plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability WordPress plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability OpenHelpDesk 1.0.100 eval() Code Execution Exploit (meta) OpenHelpDesk 1.0.100 eval() Code Execution Exploit (Metasploit) Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit (meta) Oracle 10g MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Exploit (Metasploit) Wordpress MU < 2.7 - 'HOST' HTTP Header XSS Vulnerability WordPress MU < 2.7 - 'HOST' HTTP Header XSS Vulnerability Wordpress Plugin fMoblog 2.1 - (id) SQL Injection Vulnerability WordPress Plugin fMoblog 2.1 - (id) SQL Injection Vulnerability VirtueMart <= 1.1.2 - Remote SQL Injection Exploit (meta) VirtueMart <= 1.1.2 - Remote SQL Injection Exploit (Metasploit) ASP Product Catalog 1.0 (XSS/DD) Multiple Remote Exploits ASP Product Catalog 1.0 - (XSS/DD) Multiple Remote Exploits 32bit FTP - (PASV) Reply Client Remote Overflow 
Exploit (meta) 32bit FTP - (PASV) Reply Client Remote Overflow Exploit (Metasploit) Wordpress Plugin Lytebox - (wp-lytebox) Local File Inclusion Vulnerability WordPress Plugin Lytebox - (wp-lytebox) Local File Inclusion Vulnerability Apple iTunes 8.1.1 - (ITMS) Multiple Protocol Handler BoF Exploit (meta) Apple iTunes 8.1.1 - (ITMS) Multiple Protocol Handler BoF Exploit (Metasploit) Green Dam 3.17 URL Processing Buffer Overflow Exploit (meta) Green Dam 3.17 URL Processing Buffer Overflow Exploit (Metasploit) HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Dos (meta) HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Dos (Metasploit) Wordpress 2.8.1 - (url) Remote Cross-Site Scripting Exploit WordPress 2.8.1 - (url) Remote Cross-Site Scripting Exploit Cisco WLC 4402 - Basic Auth Remote Denial of Service (meta) Cisco WLC 4402 - Basic Auth Remote Denial of Service (Metasploit) Wordpress <= 2.8.3 - Remote Admin Reset Password Vulnerability WordPress <= 2.8.3 - Remote Admin Reset Password Vulnerability Wordpress Plugin WP-Syntax <= 0.9.1 - Remote Command Execution WordPress Plugin WP-Syntax <= 0.9.1 - Remote Command Execution ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (meta) ProFTP 2.9 (welcome message) Remote Buffer Overflow Exploit (Metasploit) Cerberus FTP 3.0.1 (ALLO) Remote Overflow DoS Exploit (meta) Cerberus FTP 3.0.1 (ALLO) Remote Overflow DoS Exploit (Metasploit) SIDVault 2.0e Windows Remote Buffer Overflow Exploit (meta) SIDVault 2.0e Windows Remote Buffer Overflow Exploit (Metasploit) Wordpress Image Manager Plugins - Shell Upload Vulnerability WordPress Image Manager Plugins - Shell Upload Vulnerability HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Meta) HTML Help Workshop 4.74 - (hhp Project File) Buffer Overflow Exploit (Metasploit) Adobe Illustrator CS4 14.0.0 - eps Universal Buffer Overflow (meta) Adobe Illustrator CS4 14.0.0 - eps Universal Buffer Overflow (Metasploit) gAlan 0.2.1 - Universal Buffer 
Overflow Exploit (meta) gAlan 0.2.1 - Universal Buffer Overflow Exploit (Metasploit) Audio Workstation 6.4.2.4.3 pls Buffer Overflow (meta) Audio Workstation 6.4.2.4.3 pls Buffer Overflow (Metasploit) Eureka Email 2.2q ERR Remote Buffer Overflow Exploit (meta) Eureka Email 2.2q ERR Remote Buffer Overflow Exploit (Metasploit) Media Jukebox 8.0.400 (seh) Buffer Overflow Exploit (meta) Media Jukebox 8.0.400 (seh) Buffer Overflow Exploit (Metasploit) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Meta) Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (Metasploit) Wordpress <= 2.9 - DoS (0day) WordPress <= 2.9 - DoS (0day) Wordpress Events Plugin - SQL Injection Vulnerability WordPress Events Plugin - SQL Injection Vulnerability PlayMeNow 7.3 & 7.4 - Buffer Overflow (meta) PlayMeNow 7.3 & 7.4 - Buffer Overflow (Metasploit) Soritong 1.0 - Universal BOF-SEH (META) Soritong 1.0 - Universal BOF-SEH (Metasploit) Audiotran 1.4.1 (PLS File) Stack Overflow (meta) Audiotran 1.4.1 (PLS File) Stack Overflow (Metasploit) AOL 9.5 Phobos.Playlist 'Import()' Buffer Overflow Exploit (Meta) AOL 9.5 Phobos.Playlist 'Import()' Buffer Overflow Exploit (Metasploit) Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow Exploit (meta) Hyleos ChemView 1.9.5.1 - ActiveX Control Buffer Overflow Exploit (Metasploit) Easy FTP Server 1.7.0.2 - CWD Remote BoF (MSF Module) Easy FTP Server 1.7.0.2 - CWD Remote BoF (Metasploit) Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta) Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (Metasploit) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Buffer Overflow (meta) (Gabriel's FTP Server) Open & Compact FTPd 1.2 - Pre-Authentication Buffer Overflow (Metasploit) Wordpress Plugin NextGEN Gallery <= 1.5.1 - XSS Vulnerability WordPress Plugin NextGEN Gallery <= 1.5.1 - XSS Vulnerability Winamp 5.572 - whatsnew.txt SEH (meta) Winamp 5.572 - whatsnew.txt SEH (Metasploit) WM Downloader 3.0.0.9 - Buffer Overflow 
(Meta) WM Downloader 3.0.0.9 - Buffer Overflow (Metasploit) TFTPGUI 1.4.5 - Long Transport Mode Overflow DoS (Meta) TFTPGUI 1.4.5 - Long Transport Mode Overflow DoS (Metasploit) IDEAL Migration 4.5.1 - Buffer Overflow Exploit (Meta) IDEAL Migration 4.5.1 - Buffer Overflow Exploit (Metasploit) BlazeDVD 6.0 - Buffer Overflow Exploit (Meta) BlazeDVD 6.0 - Buffer Overflow Exploit (Metasploit) Simple:Press Wordpress Plugin 4.3.0 - SQL Injection Vulnerability Simple:Press WordPress Plugin 4.3.0 - SQL Injection Vulnerability Wordpress Firestats - Remote Configuration File Download WordPress Firestats - Remote Configuration File Download MoreAmp SEH Buffer Overflow (meta) MoreAmp SEH Buffer Overflow (Metasploit) Hero DVD - Buffer Overflow Exploit (meta) Hero DVD - Buffer Overflow Exploit (Metasploit) Easy FTP Server 1.7.0.11 - LIST Command Remote BoF Exploit (Post Auth) - (meta) Easy FTP Server 1.7.0.11 - LIST Command Remote BoF Exploit (Post Auth) - (Metasploit) Wordpress Events Manager Extended Plugin - Persistent XSS Vulnerability WordPress Events Manager Extended Plugin - Persistent XSS Vulnerability Novell iPrint Client ActiveX Control call-back-url Buffer Overflow Exploit (meta) Novell iPrint Client ActiveX Control call-back-url Buffer Overflow Exploit (Metasploit) MP3 Workstation 9.2.1.1.2 - SEH Exploit (MSF) MP3 Workstation 9.2.1.1.2 - SEH Exploit (Metasploit) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (MSF) Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) Wordpress Event Registration Plugin 5.32 - SQL Injection Vulnerability WordPress Event Registration Plugin 5.32 - SQL Injection Vulnerability Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (msf) Image Viewer CP Gold 5.5 - Image2PDF() Buffer Overflow (Metasploit) TFTPUtil GUI 1.4.5 - DoS (Meta) TFTPUtil GUI 1.4.5 - DoS (Metasploit) Wordpress do_trackbacks() function - SQL Injection Vulnerability WordPress 
do_trackbacks() function - SQL Injection Vulnerability Create a New User with UID 0 - ARM (Meta) Create a New User with UID 0 - ARM (Metasploit) Comment Rating 2.9.23 Wordpress Plugin - Multiple Vulnerabilities Comment Rating 2.9.23 WordPress Plugin - Multiple Vulnerabilities Z-Vote 1.1 Wordpress Plugin - SQL Injection Vulnerability Z-Vote 1.1 WordPress Plugin - SQL Injection Vulnerability GigPress 2.1.10 Wordpress Plugin - Stored XSS Vulnerability Relevanssi 2.7.2 Wordpress Plugin - Stored XSS Vulnerability GigPress 2.1.10 WordPress Plugin - Stored XSS Vulnerability Relevanssi 2.7.2 WordPress Plugin - Stored XSS Vulnerability Wordpress Plugin Forum Server 1.6.5 - SQL Injection Vulnerability IWantOneButton 3.0.1 Wordpress Plugin - Multiple Vulnerabilities WordPress Plugin Forum Server 1.6.5 - SQL Injection Vulnerability IWantOneButton 3.0.1 WordPress Plugin - Multiple Vulnerabilities jQuery Mega Menu 1.0 Wordpress Plugin - Local File Inclusion OPS Old Post Spinner 2.2.1 Wordpress Plugin - LFI Vulnerability jQuery Mega Menu 1.0 WordPress Plugin - Local File Inclusion OPS Old Post Spinner 2.2.1 WordPress Plugin - LFI Vulnerability PHP Speedy <= 0.5.2 Wordpress Plugin - (admin_container.php) Remote Code Execution Exploit PHP Speedy <= 0.5.2 WordPress Plugin - (admin_container.php) Remote Code Execution Exploit GRAND Flash Album Gallery 0.55 Wordpress Plugin - Multiple Vulnerabilities GRAND Flash Album Gallery 0.55 WordPress Plugin - Multiple Vulnerabilities Wordpress plugin BackWPup - Remote and Local Code Execution Vulnerability WordPress plugin BackWPup - Remote and Local Code Execution Vulnerability Wordpress Plugin Custom Pages 0.5.0.1 - LFI Vulnerability WordPress Plugin Custom Pages 0.5.0.1 - LFI Vulnerability Microsoft Word 2003 - Record Parsing Buffer Overflow (meta) (MS09-027) Microsoft Word 2003 - Record Parsing Buffer Overflow (Metasploit) (MS09-027) Wordpress Plugin Is-human <= 1.4.2 - Remote Command Execution Vulnerability WordPress Plugin Is-human <= 
1.4.2 - Remote Command Execution Vulnerability Wordpress Beer Recipes Plugin 1.0 - XSS WordPress Beer Recipes Plugin 1.0 - XSS Word List Builder 1.0 - Buffer Overflow Exploit (MSF) Word List Builder 1.0 - Buffer Overflow Exploit (Metasploit) Wordtrainer 3.0 - (.ord) Buffer Overflow Vulnerability (MSF) Wordtrainer 3.0 - (.ord) Buffer Overflow Vulnerability (Metasploit) Freefloat FTP Server Buffer Overflow Vulnerability (MSF) CoolPlayer Portable 2.19.2 - Buffer Overflow (MSF) Freefloat FTP Server Buffer Overflow Vulnerability (Metasploit) CoolPlayer Portable 2.19.2 - Buffer Overflow (Metasploit) Freefloat FTP Server MKD Buffer Overflow (MSF) Freefloat FTP Server MKD Buffer Overflow (Metasploit) FreeFloat FTP Server REST Buffer Overflow (MSF) FreeFloat FTP Server REST Buffer Overflow (Metasploit) Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (MSF) Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (Metasploit) Actfax FTP Server <= 4.27 - USER Command Stack Buffer Overflow (MSF) (0day) Actfax FTP Server <= 4.27 - USER Command Stack Buffer Overflow (Metasploit) (0day) ABBS Audio Media Player 3.0 - Buffer Overflow Exploit (MSF) ABBS Electronic Flashcards 2.1 - Buffer Overflow Exploit (MSF) ABBS Audio Media Player 3.0 - Buffer Overflow Exploit (Metasploit) ABBS Electronic Flashcards 2.1 - Buffer Overflow Exploit (Metasploit) FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit (MSF) FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit (Metasploit) Wordpress Plugin E-commerce <= 3.8.4 - SQL Injection Exploit WordPress Plugin E-commerce <= 3.8.4 - SQL Injection Exploit Wordpress Plugin Symposium <= 0.64 - SQL Injection Vulnerability WordPress Plugin Symposium <= 0.64 - SQL Injection Vulnerability Wordpress Plugin DS FAQ <= 1.3.2 - SQL Injection Vulnerability Wordpress Plugin Forum <= 1.7.8 - SQL Injection Vulnerability WordPress Plugin DS FAQ <= 1.3.2 - SQL Injection Vulnerability WordPress Plugin Forum <= 1.7.8 - SQL Injection Vulnerability 
Solarftp 2.1.2 - PASV Buffer Overflow Exploit (MSF) Solarftp 2.1.2 - PASV Buffer Overflow Exploit (Metasploit) Wordpress Plugin audio gallery playlist <= 0.12 - SQL Injection WordPress Plugin audio gallery playlist <= 0.12 - SQL Injection Wordpress grapefile plugin <= 1.1 - Arbitrary File Upload WordPress grapefile plugin <= 1.1 - Arbitrary File Upload Wordpress Plugin Bannerize <= 2.8.6 - SQL Injection WordPress Plugin Bannerize <= 2.8.6 - SQL Injection Wordpress 1 Flash Gallery Plugin - Arbiraty File Upload Exploit (MSF) WordPress 1 Flash Gallery Plugin - Arbiraty File Upload Exploit (Metasploit) BisonFTP Server <= 3.5 - Remote Buffer Overflow Exploit (MSF) BisonFTP Server <= 3.5 - Remote Buffer Overflow Exploit (Metasploit) Wordpress Event Registration plugin <= 5.44 - SQL Injection Vulnerability WordPress Event Registration plugin <= 5.44 - SQL Injection Vulnerability Wordpress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability WordPress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability Wordpress Plugin e-Commerce <= 3.8.6 - SQL Injection Vulnerability WordPress Plugin e-Commerce <= 3.8.6 - SQL Injection Vulnerability Wordpress TheCartPress Plugin 1.1.1 - Remote File Inclusion Wordpress AllWebMenus Plugin 1.1.3 - Remote File Inclusion Wordpress WPEasyStats Plugin 1.8 - Remote File Inclusion Wordpress Annonces Plugin 1.2.0.0 - Remote File Inclusion Wordpress Livesig Plugin 0.4 - Remote File Inclusion Wordpress Disclosure Policy Plugin 1.0 - Remote File Inclusion Wordpress Mailing List Plugin 1.3.2 - Remote File Inclusion Wordpress Zingiri Web Shop Plugin 2.2.0 - Remote File Inclusion Wordpress Mini Mail Dashboard Widget Plugin 1.36 - Remote File Inclusion Wordpress Relocate Upload Plugin 0.14 - Remote File Inclusion WordPress TheCartPress Plugin 1.1.1 - Remote File Inclusion WordPress AllWebMenus Plugin 1.1.3 - Remote File Inclusion WordPress WPEasyStats Plugin 1.8 - Remote File Inclusion WordPress Annonces Plugin 1.2.0.0 - Remote File Inclusion 
WordPress Livesig Plugin 0.4 - Remote File Inclusion WordPress Disclosure Policy Plugin 1.0 - Remote File Inclusion WordPress Mailing List Plugin 1.3.2 - Remote File Inclusion WordPress Zingiri Web Shop Plugin 2.2.0 - Remote File Inclusion WordPress Mini Mail Dashboard Widget Plugin 1.36 - Remote File Inclusion WordPress Relocate Upload Plugin 0.14 - Remote File Inclusion Multiple Wordpress Plugin - timthumb.php Vulnerabilites Multiple WordPress Plugin - timthumb.php Vulnerabilites ScriptFTP 3.3 - Remote Buffer Overflow (MSF) ScriptFTP 3.3 - Remote Buffer Overflow (Metasploit) Wordpress Plugin Bannerize <= 2.8.7 - SQL Injection Vulnerability WordPress Plugin Bannerize <= 2.8.7 - SQL Injection Vulnerability Wordpress Plugin Photo Album Plus <= 4.1.1 - SQL Injection Vulnerability WordPress Plugin Photo Album Plus <= 4.1.1 - SQL Injection Vulnerability Wordpress Plugin Glossary - SQL Injection WordPress Plugin Glossary - SQL Injection Wordpress Zingiri Plugin <= 2.2.3 - (ajax_save_name.php) Remote Code Execution WordPress Zingiri Plugin <= 2.2.3 - (ajax_save_name.php) Remote Code Execution Wordpress UPM-POLLS Plugin 1.0.4 - Blind SQL Injection WordPress UPM-POLLS Plugin 1.0.4 - Blind SQL Injection Wordpress Mailing List Plugin - Arbitrary File Download WordPress Mailing List Plugin - Arbitrary File Download Wordpress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload WordPress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload Wordpress Age Verification Plugin <= 0.4 - Open Redirect WordPress Age Verification Plugin <= 0.4 - Open Redirect Wordpress Count-per-day plugin - Multiple Vulnerabilities WordPress Count-per-day plugin - Multiple Vulnerabilities Wordpress <= 3.3.1 - Multiple Vulnerabilities WordPress <= 3.3.1 - Multiple Vulnerabilities Sysax Multi Server 5.50 - Create Folder Remote Code Execution BoF (MSF Module) Sysax Multi Server 5.50 - Create Folder Remote Code Execution BoF (Metasploit) DJ Studio Pro 5.1.6.5.2 SEH Exploit MSF DJ Studio Pro 5.1.6.5.2 - 
SEH Exploit (Metasploit) Sysax 5.53 SSH Username Buffer Overflow (msf) Sysax 5.53 SSH Username Buffer Overflow (Metasploit) RM Downloader 3.1.3.3.2010.06.26 - (.m3u) Buffer Overflow (MSF) RM Downloader 3.1.3.3.2010.06.26 - (.m3u) Buffer Overflow (Metasploit) Buddypress plugin of Wordpress - Remote SQL Injection Buddypress plugin of WordPress - Remote SQL Injection Wordpress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities Wordpress 3.3.1 - Multiple CSRF Vulnerabilities WordPress 3.3.1 - Multiple CSRF Vulnerabilities Wordpress Zingiri Web Shop Plugin <= 2.4.2 - Persistent XSS WordPress Zingiri Web Shop Plugin <= 2.4.2 - Persistent XSS Wordpress WP-Property Plugin 1.35.0 - Arbitrary File Upload Wordpress Plugin Marketplace Plugin 1.5.0 - 1.6.1 - Arbitrary File Upload Wordpress Google Maps via Store Locator Plugin 2.7.1 - 3.0.1 - Multiple Vulnerabilities Wordpress HTML5 AV Manager Plugin 0.2.7 - Arbitrary File Upload Wordpress Foxypress Plugin 0.4.1.1 - 0.4.2.1 - Arbitrary File Upload WordPress WP-Property Plugin 1.35.0 - Arbitrary File Upload WordPress Plugin Marketplace Plugin 1.5.0 - 1.6.1 - Arbitrary File Upload WordPress Google Maps via Store Locator Plugin 2.7.1 - 3.0.1 - Multiple Vulnerabilities WordPress HTML5 AV Manager Plugin 0.2.7 - Arbitrary File Upload WordPress Foxypress Plugin 0.4.1.1 - 0.4.2.1 - Arbitrary File Upload Wordpress Asset Manager Plugin 0.2 - Arbitrary File Upload Wordpress Font Uploader Plugin 1.2.4 - Arbitrary File Upload WordPress Asset Manager Plugin 0.2 - Arbitrary File Upload WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload Wordpress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload Wordpress Gallery Plugin 3.06 - Arbitrary File Upload WordPress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload WordPress Gallery Plugin 3.06 - Arbitrary File Upload Wordpress Front File Manager Plugin 0.1 - Arbitrary File Upload Wordpress Easy 
Contact Forms Export Plugin 1.1.0 - Information Disclosure Vulnerability WordPress Front File Manager Plugin 0.1 - Arbitrary File Upload WordPress Easy Contact Forms Export Plugin 1.1.0 - Information Disclosure Vulnerability Wordpress Front End Upload 0.5.3 - Arbitrary File Upload Wordpress Omni Secure Files Plugin 0.1.13 - Arbitrary File Upload Wordpress PICA Photo Gallery Plugin 1.0 - Remote File Disclosure WordPress Front End Upload 0.5.3 - Arbitrary File Upload WordPress Omni Secure Files Plugin 0.1.13 - Arbitrary File Upload WordPress PICA Photo Gallery Plugin 1.0 - Remote File Disclosure Wordpress Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload Wordpress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure Wordpress Thinkun Remind Plugin 1.1.3 - Remote File Disclosure Wordpress Tinymce Thumbnail Gallery Plugin 1.0.7 - Remote File Disclosure Wordpress wpStoreCart Plugin 2.5.27-2.5.29 - Arbitrary File Upload WordPress Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability WordPress RBX Gallery Plugin 2.1 - Arbitrary File Upload WordPress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure WordPress Thinkun Remind Plugin 1.1.3 - Remote File Disclosure WordPress Tinymce Thumbnail Gallery Plugin 1.0.7 - Remote File Disclosure WordPress wpStoreCart Plugin 2.5.27-2.5.29 - Arbitrary File Upload Wordpress Content Flow 3D Plugin 1.0.0 - Arbitrary File Upload WordPress Content Flow 3D Plugin 1.0.0 - Arbitrary File Upload Wordpress wp-gpx-map 1.1.21 - Arbitrary File Upload Vulnerability WordPress wp-gpx-map 1.1.21 - Arbitrary File Upload Vulnerability Wordpress User Meta 1.1.1 - Arbitrary File Upload Vulnerability Wordpress Top Quark Architecture 2.10 - Arbitrary File Upload Vulnerability Wordpress SfBrowser 1.4.5 - Arbitrary File Upload Vulnerability Wordpress Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability Wordpress Mac Photo Gallery 2.7 - 
Arbitrary File Upload Wordpress drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability Wordpress Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload Vulnerability WordPress User Meta 1.1.1 - Arbitrary File Upload Vulnerability WordPress Top Quark Architecture 2.10 - Arbitrary File Upload Vulnerability WordPress SfBrowser 1.4.5 - Arbitrary File Upload Vulnerability WordPress Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability WordPress Mac Photo Gallery 2.7 - Arbitrary File Upload WordPress drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability WordPress Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload Vulnerability Wordpress Automatic Plugin 2.0.3 - SQL Injection WordPress Automatic Plugin 2.0.3 - SQL Injection Wordpress Fancy Gallery Plugin 1.2.4 - Arbitrary File Upload WordPress Fancy Gallery Plugin 1.2.4 - Arbitrary File Upload UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta) UoW imapd 10.234/12.264 COPY Buffer Overflow (meta) UoW imapd 10.234/12.264 LSUB Buffer Overflow (Metasploit) UoW imapd 10.234/12.264 COPY Buffer Overflow (Metasploit) Wordpress Diary/Notebook Site5 Theme Email Spoofing WordPress Diary/Notebook Site5 Theme Email Spoofing Wordpress Plugin Effective Lead Management 3.0.0 - Persistent XSS WordPress Plugin Effective Lead Management 3.0.0 - Persistent XSS Wordpress Plugin ThreeWP Email Reflector 1.13 - Stored XSS WordPress Plugin ThreeWP Email Reflector 1.13 - Stored XSS Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change (MSF) Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change (Metasploit) Solaris 2.6/7.0/8 snmpXdmid Buffer Overflow Vulnerability (msf) Solaris 2.6/7.0/8 snmpXdmid Buffer Overflow Vulnerability (Metasploit) Wordpress Count per Day Plugin 3.2.3 - XSS Vulnerability WordPress Count per Day Plugin 3.2.3 - XSS Vulnerability Wordpress HD Webplayer 1.1 - SQL Injection Vulnerability WordPress HD Webplayer 1.1 - SQL Injection Vulnerability Wordpress Plugin 
spider calendar - Multiple Vulnerabilities WordPress Plugin spider calendar - Multiple Vulnerabilities FireStorm Professional Real Estate Wordpress Plugin 2.06.01 - SQL Injection Vulnerability FireStorm Professional Real Estate WordPress Plugin 2.06.01 - SQL Injection Vulnerability ManageEngine Security Manager Plus <= 5.5 build 5505 - Remote SYSTEM SQLi (MSF) ManageEngine Security Manager Plus <= 5.5 build 5505 - Remote SYSTEM SQLi (Metasploit) Wordpress Easy Webinar Plugin - Blind SQL Injection Vulnerability WordPress Easy Webinar Plugin - Blind SQL Injection Vulnerability Wordpress bbpress Plugin - Multiple Vulnerabilities WordPress bbpress Plugin - Multiple Vulnerabilities Wordpress All Video Gallery 1.1 - SQL Injection Vulnerability WordPress All Video Gallery 1.1 - SQL Injection Vulnerability Wordpress Spider Catalog 1.1 - HTML Code Injection and Cross-Site scripting WordPress Spider Catalog 1.1 - HTML Code Injection and Cross-Site scripting Wordpress Facebook Survey 1.0 - SQL Injection Vulnerability WordPress Facebook Survey 1.0 - SQL Injection Vulnerability Wordpress 0.6/0.7 Blog.Header.PHP - SQL Injection Vulnerabilities WordPress 0.6/0.7 Blog.Header.PHP - SQL Injection Vulnerabilities Portable phpMyAdmin Wordpress Plugin - Authentication Bypass Portable phpMyAdmin WordPress Plugin - Authentication Bypass Cisco IOS 12 MSFC2 Malformed Layer 2 Frame Denial of Service Vulnerability Cisco IOS 12 MSFC2 - Malformed Layer 2 Frame Denial of Service Vulnerability BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass (MSF) BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass (Metasploit) Jenkins CI Script Console Command Execution MSF Module Jenkins CI Script Console - Command Execution (Metasploit) Wordpress plugin Ripe HD FLV Player - SQL Injection Vulnerability WordPress plugin Ripe HD FLV Player - SQL Injection Vulnerability Wordpress Developer Formatter - CSRF Vulnerability WordPress Developer Formatter - CSRF Vulnerability Wordpress Comment Rating Plugin 2.9.32 - Multiple 
Vulnerabilities WordPress Comment Rating Plugin 2.9.32 - Multiple Vulnerabilities Wordpress 1.2 - Wp-login.PHP HTTP Response Splitting Vulnerability WordPress 1.2 - Wp-login.PHP HTTP Response Splitting Vulnerability Wordpress Mathjax Latex Plugin 1.1 - CSRF Vulnerability WordPress Mathjax Latex Plugin 1.1 - CSRF Vulnerability Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS WordPress FuneralPress Plugin 1.1.6 - Persistent XSS Wordpress W3 Total Cache - PHP Code Execution WordPress W3 Total Cache - PHP Code Execution Wordpress wp-FileManager - Arbitrary File Download Vulnerability WordPress wp-FileManager - Arbitrary File Download Vulnerability Wordpress 1.5 - Post.PHP Cross-Site Scripting Vulnerability WordPress 1.5 - Post.PHP Cross-Site Scripting Vulnerability Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability Wordpress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities WordPress User Role Editor Plugin 3.12 - CSRF Vulnerability WordPress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities WordPress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities Wordpress WP-SendSms Plugin 1.0 - Multiple Vulnerabilities WordPress WP-SendSms Plugin 1.0 - Multiple Vulnerabilities AudioCoder (.lst) - Buffer Overflow (msf) AudioCoder (.lst) - Buffer Overflow (Metasploit) Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability WordPress Spicy Blogroll Plugin - File Inclusion Vulnerability PCMan FTP Server 2.0.7 - Remote Exploit (msf) PCMan FTP Server 2.0.7 - Remote Exploit (Metasploit) HP Data Protector CMD Install Service Vulnerability (msf) HP Data Protector CMD Install Service Vulnerability (Metasploit) Wordpress Plugin Better WP Security - Stored XSS WordPress Plugin Better WP Security - Stored XSS Wordpress Booking Calendar 4.1.4 - CSRF Vulnerability WordPress Booking Calendar 4.1.4 - CSRF Vulnerability Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability 
WordPress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability Wordpress Hms Testimonials Plugin 2.0.10 - Multiple Vulnerabilities WordPress Hms Testimonials Plugin 2.0.10 - Multiple Vulnerabilities Wordpress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities WordPress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities Wordpress ThinkIT Plugin 0.1 - Multiple Vulnerabilities WordPress ThinkIT Plugin 0.1 - Multiple Vulnerabilities freeFTPd 1.0.10 PASS Command SEH Overflow (msf) freeFTPd 1.0.10 PASS Command SEH Overflow (Metasploit) PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (MSF) PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (Metasploit) Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability WP-DB Backup For Wordpress 1.6/1.7 Edit.PHP - Directory Traversal Vulnerability WP-DB Backup For WordPress 1.6/1.7 Edit.PHP - Directory Traversal Vulnerability Western Digital Arkeia Remote Code Execution (msf module) Western Digital Arkeia Remote Code Execution (Metasploit) Wordpress Lazy SEO plugin 1.1.9 - Shell Upload Vulnerability WordPress Lazy SEO plugin 1.1.9 - Shell Upload Vulnerability Wordpress NOSpamPTI Plugin - Blind SQL Injection WordPress NOSpamPTI Plugin - Blind SQL Injection Wordpress Quick Contact Form Plugin 6.0 - Persistent XSS WordPress Quick Contact Form Plugin 6.0 - Persistent XSS Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities WordPress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities Dexs PM System Wordpress Plugin - Authenticated Persistent XSS (0day) Dexs PM System WordPress Plugin - Authenticated Persistent XSS (0day) Wordpress Plugin Realty - Blind SQL Injection WordPress Plugin Realty - Blind SQL Injection Wordpress 1.x/2.0.x - Template.PHP HTML Injection Vulnerability WordPress 1.x/2.0.x - Template.PHP HTML Injection Vulnerability Wordpress Highlight Premium Theme - CSRF File Upload Vulnerability 
WordPress Highlight Premium Theme - CSRF File Upload Vulnerability Wordpress 2.1.1 - Post.PHP Cross-Site Scripting Vulnerability WordPress 2.1.1 - Post.PHP Cross-Site Scripting Vulnerability Wordpress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities Wordpress 1.x/2.0.x - Templates.PHP Cross-Site Scripting Vulnerability WordPress 1.x/2.0.x - Templates.PHP Cross-Site Scripting Vulnerability Wordpress Euclid Theme 1.x.x - CSRF Vulnerability Wordpress Dimension Theme - CSRF Vulnerability Wordpress Amplus Theme - CSRF Vulnerability Wordpress Make A Statement (MaS) Theme - CSRF Vulnerability WordPress Euclid Theme 1.x.x - CSRF Vulnerability WordPress Dimension Theme - CSRF Vulnerability WordPress Amplus Theme - CSRF Vulnerability WordPress Make A Statement (MaS) Theme - CSRF Vulnerability Wordpress Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting WordPress Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting Wordpress Orange Themes - CSRF File Upload Vulnerability WordPress Orange Themes - CSRF File Upload Vulnerability Wordpress Formcraft Plugin - SQL Injection Vulnerability WordPress Formcraft Plugin - SQL Injection Vulnerability Wordpress page-flip-image-gallery Plugins - Remote File Upload WordPress page-flip-image-gallery Plugins - Remote File Upload Wordpress Persuasion Theme 2.x - Arbitrary File Download and File Deletion Exploit WordPress Persuasion Theme 2.x - Arbitrary File Download and File Deletion Exploit Wordpress Dandelion Theme - Arbitry File Upload WordPress Dandelion Theme - Arbitry File Upload Wordpress Frontend Upload Plugin - Arbitrary File Upload Wordpress Buddypress Plugin 1.9.1 - Privilege Escalation WordPress Frontend Upload Plugin - Arbitrary File Upload WordPress Buddypress Plugin 1.9.1 - Privilege Escalation Wordpress BP Group Documents Plugin 1.2.1 - Multiple Vulnerabilities WordPress BP Group Documents Plugin 1.2.1 - Multiple 
Vulnerabilities Wordpress AdRotate Plugin 3.9.4 - (clicktracker.php track param) SQL Injection WordPress AdRotate Plugin 3.9.4 - (clicktracker.php track param) SQL Injection Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities WordPress VideoWhisper 4.27.3 - Multiple Vulnerabilities Gold MP4 Player 3.3 - Universal SEH Exploit (MSF) Gold MP4 Player 3.3 - Universal SEH Exploit (Metasploit) Wordpress Ajax Pagination Plugin 1.1 - Local File Inclusion WordPress Ajax Pagination Plugin 1.1 - Local File Inclusion Wordpress XCloner Plugin 3.1.0 - CSRF Vulnerability WordPress XCloner Plugin 3.1.0 - CSRF Vulnerability Wordpress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities Wordpress Twitget Plugin 3.3.1 - Multiple Vulnerabilities WordPress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities WordPress Twitget Plugin 3.3.1 - Multiple Vulnerabilities Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload WordPress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload Wordpress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities WordPress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities Wireshark CAPWAP Dissector - Denial of Service (msf) Wireshark CAPWAP Dissector - Denial of Service (Metasploit) Wordpress Participants Database 1.5.4.8 - SQL Injection WordPress Participants Database 1.5.4.8 - SQL Injection Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0day) WordPress TimThumb 2.8.13 WebShot - Remote Code Execution (0day) Wordpress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities WordPress Simple Share Buttons Adder Plugin 4.4 - Multiple Vulnerabilities Serenity Audio Player 3.2.3 - (.m3u) Buffer Overflow Vulnerability (meta) Serenity Audio Player 3.2.3 - (.m3u) Buffer Overflow Vulnerability (Metasploit) Wordpress MailPoet - (wysija-newsletters) Unauthenticated File Upload WordPress MailPoet - (wysija-newsletters) Unauthenticated File Upload Gigya Socialize Plugin 1.0/1.1.x for Wordpress 
- Cross-Site Scripting Vulnerability Gigya Socialize Plugin 1.0/1.1.x for WordPress - Cross-Site Scripting Vulnerability Wordpress Plugin Gallery Objects 0.4 - SQL Injection WordPress Plugin Gallery Objects 0.4 - SQL Injection Wordpress WP BackupPlus - Database And Files Backup Download (0day) WordPress WP BackupPlus - Database And Files Backup Download (0day) Wordpress Video Gallery Plugin 2.5 - Multiple Vulnerabilities WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities Disqus for Wordpress 2.7.5 - Admin Stored CSRF and XSS Disqus for WordPress 2.7.5 - Admin Stored CSRF and XSS Wordpress Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection WordPress Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection Wordpress Plugins Premium Gallery Manager - Unauthenticated Configuration Access Vulnerability WordPress Plugins Premium Gallery Manager - Unauthenticated Configuration Access Vulnerability Wordpress Like Dislike Counter 1.2.3 Plugin - SQL Injection Vulnerability WordPress Like Dislike Counter 1.2.3 Plugin - SQL Injection Vulnerability Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF WordPress Bulk Delete Users by Email Plugin 1.0 - CSRF Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities WordPress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Wordpress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit) WordPress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit) Wordpress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities WordPress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities GNU bash Environment Variable Command Injection (MSF) GNU bash Environment Variable Command Injection (Metasploit) Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection WordPress All In One WP Security Plugin 3.8.2 - SQL Injection All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability All In One WordPress Firewall 3.8.3 - Persistent XSS 
Vulnerability Bash - CGI RCE (MSF) Shellshock Exploit Bash - CGI RCE (Metasploit) Shellshock Exploit Wordpress InfusionSoft Plugin - Upload Vulnerability WordPress InfusionSoft Plugin - Upload Vulnerability Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability Creative Contact Form (WordPress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability Wordpress CP Multi View Event Calendar 1.01 - SQL Injection WordPress CP Multi View Event Calendar 1.01 - SQL Injection XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities XCloner WordPress/Joomla! Plugin - Multiple Vulnerabilities Another Wordpress Classifieds Plugin - SQL Injection Another WordPress Classifieds Plugin - SQL Injection Wordpress SP Client Document Manager Plugin 2.4.1 - SQL Injection WordPress SP Client Document Manager Plugin 2.4.1 - SQL Injection Microsoft Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF) Microsoft Internet Explorer < 11 - OLE Automation Array Remote Code Execution (Metasploit) Wordpress CM Download Manager Plugin 2.0.0 - Code Injection WordPress CM Download Manager Plugin 2.0.0 - Code Injection Wordpress wpDataTables Plugin 1.5.3 - SQL Injection Vulnerability Wordpress wpDataTables Plugin 1.5.3 - Unauthenticated Shell Upload Vulnerability WordPress wpDataTables Plugin 1.5.3 - SQL Injection Vulnerability WordPress wpDataTables Plugin 1.5.3 - Unauthenticated Shell Upload Vulnerability Wordpress Google Document Embedder 2.5.14 - SQL Injection WordPress Google Document Embedder 2.5.14 - SQL Injection Wordpress DB Backup Plugin - Arbitrary File Download WordPress DB Backup Plugin - Arbitrary File Download Wordpress Plugin Slider Revolution 3.0.95 /Showbiz Pro 1.7.1 - Shell Upload Exploit WordPress Plugin Slider Revolution 3.0.95 /Showbiz Pro 1.7.1 - Shell Upload Exploit Wordpress < 4.0.1 - Denial of Service WordPress < 4.0.1 - Denial of Service Wordpress Nextend Facebook Connect Plugin 1.4.59 - XSS Vulnerability WordPress Nextend 
Facebook Connect Plugin 1.4.59 - XSS Vulnerability CodeArt Google MP3 Player Wordpress Plugin - File Disclosure Download CodeArt Google MP3 Player WordPress Plugin - File Disclosure Download Wordpress Ajax Store Locator 1.2 - Arbitrary File Download WordPress Ajax Store Locator 1.2 - Arbitrary File Download Wordpress Plugin Symposium 14.10 - SQL Injection WordPress Plugin Symposium 14.10 - SQL Injection Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability WordPress Download Manager 2.7.4 - Remote Code Execution Vulnerability Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit WordPress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit Live Wire 2.3.1 For Wordpress - Multiple Security Vulnerabilities Live Wire 2.3.1 For WordPress - Multiple Security Vulnerabilities The Gazette Edition 2.9.4 For Wordpress - Multiple Security Vulnerabilities The Gazette Edition 2.9.4 For WordPress - Multiple Security Vulnerabilities Wordpress Pie Register Plugin 2.0.13 - Privilege Escalation WordPress Pie Register Plugin 2.0.13 - Privilege Escalation Wordpress Cforms Plugin 14.7 - Remote Code Execution WordPress Cforms Plugin 14.7 - Remote Code Execution Wordpress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload WordPress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload Wordpress Video Gallery 2.7.0 - SQL Injection Vulnerability WordPress Video Gallery 2.7.0 - SQL Injection Vulnerability Wordpress Survey and Poll Plugin 1.1 - Blind SQL Injection WordPress Survey and Poll Plugin 1.1 - Blind SQL Injection Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF) Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (Metasploit) Calculated Fields Form Wordpress Plugin <= 1.0.10 - Remote SQL Injection Vulnerability Calculated Fields Form WordPress Plugin <= 1.0.10 - Remote SQL Injection Vulnerability Wordpress Theme Photocrati 4.x.x - SQL Injection & XSS WordPress Theme Photocrati 4.x.x - SQL Injection & XSS 
Wordpress Theme DesignFolio Plus 1.2 - Arbitrary File Upload Vulnerability WordPress Theme DesignFolio Plus 1.2 - Arbitrary File Upload Vulnerability Wordpress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload Wordpress Marketplace 2.4.0 - Arbitrary File Download WordPress Marketplace 2.4.0 - Arbitrary File Download Wordpress Plugin Slider Revolution <= 4.1.4 - Arbitrary File Download vulnerability WordPress Plugin Slider Revolution <= 4.1.4 - Arbitrary File Download vulnerability Wordpress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulnerability WordPress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulnerability Wordpress Business Intelligence Plugin - SQL injection WordPress Business Intelligence Plugin - SQL injection Wordpress Video Gallery Plugin 2.8 - Multiple CSRF Vulnerabilities WordPress Video Gallery Plugin 2.8 - Multiple CSRF Vulnerabilities Wordpress WP Easy Slideshow Plugin 1.0.3 - Multiple Vulnerabilities Wordpress Simple Ads Manager Plugin - Multiple SQL Injection Wordpress Simple Ads Manager 2.5.94 - Arbitrary File Upload Wordpress Simple Ads Manager - Information Disclosure WordPress WP Easy Slideshow Plugin 1.0.3 - Multiple Vulnerabilities WordPress Simple Ads Manager Plugin - Multiple SQL Injection WordPress Simple Ads Manager 2.5.94 - Arbitrary File Upload WordPress Simple Ads Manager - Information Disclosure Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection WordPress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection Wordpress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload Wordpress Plugin 'WP Mobile Edition' 2.7 - Remote File Disclosure Vulnerability Wordpress Duplicator <= 0.5.14 - SQL Injection & CSRF WordPress Plugin 'WP Mobile Edition' 2.7 - Remote File Disclosure Vulnerability WordPress Duplicator <= 0.5.14 - SQL Injection & CSRF 
Wordpress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upload Vulnerability WordPress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upload Vulnerability Wordpress Video Gallery 2.8 - SQL Injection WordPress Video Gallery 2.8 - SQL Injection Wordpress Ajax Store Locator 1.2 - SQL Injection Vulnerability WordPress Ajax Store Locator 1.2 - SQL Injection Vulnerability Wordpress NEX-Forms < 3.0 - SQL Injection Vulnerability WordPress NEX-Forms < 3.0 - SQL Injection Vulnerability Wordpress Reflex Gallery Upload Vulnerability Wordpress N-Media Website Contact Form Upload Vulnerability Wordpress Creative Contact Form Upload Vulnerability Wordpress Work The Flow Upload Vulnerability WordPress Reflex Gallery Upload Vulnerability WordPress N-Media Website Contact Form Upload Vulnerability WordPress Creative Contact Form Upload Vulnerability WordPress Work The Flow Upload Vulnerability Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi (2) Ultimate Product Catalogue WordPress Plugin - Unauthenticated SQLi Ultimate Product Catalogue WordPress Plugin - Unauthenticated SQLi (2) RM Downloader 2.7.5.400 - Local Buffer Overflow (MSF) RM Downloader 2.7.5.400 - Local Buffer Overflow (Metasploit) Wordpress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload Wordpress Freshmail Unauthenticated SQL Injection WordPress Freshmail Unauthenticated SQL Injection Wordpress N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion WordPress N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion Wordpress RevSlider File Upload and Execute Vulnerability WordPress RevSlider File Upload and Execute Vulnerability Wordpress Ad Inserter Plugin 1.5.2 - CSRF Vulnerability WordPress Ad Inserter Plugin 1.5.2 - CSRF Vulnerability Wordpress N-Media 
Website Contact Form with File Upload 1.3.4 - File Upload WordPress N-Media Website Contact Form with File Upload 1.3.4 - File Upload Wordpress History Collection <= 1.1.1 - Arbitrary File Download WordPress History Collection <= 1.1.1 - Arbitrary File Download Wordpress Video Gallery Plugin 2.8 Arbitrary Mail Relay WordPress Video Gallery Plugin 2.8 Arbitrary Mail Relay Wordpress MailChimp Subscribe Forms 1.1 Remote Code Execution Wordpress church_admin Plugin 0.800 Stored XSS WordPress MailChimp Subscribe Forms 1.1 Remote Code Execution WordPress church_admin Plugin 0.800 Stored XSS Wordpress Really Simple Guest Post <= 1.0.6 - File Include WordPress Really Simple Guest Post <= 1.0.6 - File Include Wordpress RobotCPA Plugin V5 - Local File Inclusion WordPress RobotCPA Plugin V5 - Local File Inclusion Wordpress Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities Wordpress Plugin 'WP Mobile Edition' - LFI Vulnerability WordPress Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities WordPress Plugin 'WP Mobile Edition' - LFI Vulnerability Wordpress S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download WordPress S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download Wordpress CP Image Store with Slideshow Plugin 1.0.5 Arbitrary File Download Wordpress CP Multi View Event Calendar Plugin 1.1.7 - SQL Injection WordPress CP Image Store with Slideshow Plugin 1.0.5 Arbitrary File Download WordPress CP Multi View Event Calendar Plugin 1.1.7 - SQL Injection Wordpress Finder 'order' Parameter Cross Site Scripting Vulnerability WordPress Finder 'order' Parameter Cross Site Scripting Vulnerability Wordpress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities WordPress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities Wordpress White-Label Framework 2.0.6 - XSS Vulnerability WordPress White-Label Framework 2.0.6 - XSS Vulnerability Wordpress Simple Gmail Login Plugin Stack Trace Information Disclosure Vulnerability WordPress 
Simple Gmail Login Plugin Stack Trace Information Disclosure Vulnerability Wordpress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability WordPress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability Wordpress Ajax Load More 2.8.1.1 - PHP Upload Vulnerability WordPress Ajax Load More 2.8.1.1 - PHP Upload Vulnerability Wordpress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities Wordpress Plugin Sell Download v1.0.16 - Local File Disclosure Wordpress Plugin TheCartPress v1.4.7 - Multiple Vulnerabilities WordPress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities WordPress Plugin Sell Download v1.0.16 - Local File Disclosure WordPress Plugin TheCartPress v1.4.7 - Multiple Vulnerabilities Wordpress Plugin WP Easy Poll 1.1.3 - XSS and CSRF WordPress Plugin WP Easy Poll 1.1.3 - XSS and CSRF Siemens Simatic S7 1200 CPU Command Module (MSF) Siemens Simatic S7 1200 CPU Command Module (Metasploit) Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Unauthenticated SQL injection Wordpress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection WordPress Booking Calendar Contact Form Plugin <=1.1.23 - Shortcode SQL Injection Wordpress Beauty & Clean Theme 1.0.8 - Arbitrary File Upload Vulnerability WordPress Beauty & Clean Theme 1.0.8 - Arbitrary File Upload Vulnerability Wordpress Site Import Plugin 1.0.1 - Local and Remote File Inclusion WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion Wildfly - WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
parent
e67a88eeff
commit
47d7100c18
2 changed files with 456 additions and 432 deletions
23
platforms/windows/webapps/39573.txt
Executable file
@ -0,0 +1,23 @@
Exploit Title: Wildfly: WEB-INF and META-INF Information Disclosure via Filter Restriction Bypass
Date: 09.02.16
Exploit Author: Tal Solomon of Palantir Security
Vendor Homepage: https://bugzilla.redhat.com/show_bug.cgi?id=1305937
Software Link: http://wildfly.org/downloads/
Version: This issue effects versions of Wildfly prior to 10.0.0.Final, including 9.0.2.Final, and 8.2.1.Final.
Tested on: Windows
CVE : CVE-2016-0793

An information disclosure of the content of restricted files WEB-INF and META-INF via filter mechanism was reported. Servlet filter restriction mechanism is enforced by two code checks:

if (path.startsWith("/META-INF") || path.startsWith("META-INF") || path.startsWith("/WEB-INF") || path.startsWith("WEB-INF")) {
return false;
}

private boolean isForbiddenPath(String path) {
return path.equalsIgnoreCase("/meta-inf/") || path.regionMatches(true, 0, "/web-inf/", 0, "/web-inf/".length());
}

which can be bypassed using lower case and adding meaningless character to path.

Proof of Concept Video:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39573.zip
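Review bot: The closing sentence of the description ("which can be bypassed using lower case and adding meaningless character to path") does not say which of the two quoted checks each variation gets past, so a reader cannot tell from the advisory what a fix has to cover. From the quoted code, the first check uses case-sensitive startsWith on the upper-case names only, and isForbiddenPath treats the two directories differently: "/web-inf/" is matched as a case-insensitive prefix through regionMatches, while "/meta-inf/" is compared with equalsIgnoreCase, which matches only the whole string. Suggest spelling that out and stating explicitly whether 10.0.0.Final is the fixed release, since the Version line only says "prior to 10.0.0.Final". Smaller points: "effects" in the Version line should be "affects", the Vendor Homepage field holds the Red Hat Bugzilla entry rather than the vendor's site, the Date "09.02.16" is ambiguous between day-first and month-first, and a .txt advisory does not need to be added as an executable file.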