exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	35000196e1	DB: 2016-09-27 11 new exploits Berlios gpsd 2.7.x - Remote Format String Berlios GPSD 2.7.x - Remote Format String bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit Bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1) boastMachine 3.1 - (mail.php id) SQL Injection BoastMachine 3.1 - 'mail.php' id SQL Injection BIGACE 2.4 - Multiple Remote File Inclusion BigACE 2.4 - Multiple Remote File Inclusion attachmax dolphin 2.1.0 - Multiple Vulnerabilities Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities AtomixMP3 <= 2.3 - (Playlist) Universal Overwrite (SEH) AtomixMP3 <= 2.3 - 'Playlist' Universal Overwrite (SEH) BIGACE CMS 2.5 - 'Username' SQL Injection BigACE CMS 2.5 - 'Username' SQL Injection BIGACE CMS 2.6 - (cmd) Local File Inclusion BigACE CMS 2.6 - (cmd) Local File Inclusion Avast AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation Avast! AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation DistCC Daemon - Command Execution (Metasploit) DistCC Daemon - Command Execution (Metasploit) (1) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1) Avast 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption Avast! 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption bitrix site manager 4.0.5 - Remote File Inclusion Bitrix Site Manager 4.0.5 - Remote File Inclusion boastMachine 3.1 - Arbitrary File Upload BoastMachine 3.1 - Arbitrary File Upload blog system 1.5 - Multiple Vulnerabilities Blog System 1.5 - Multiple Vulnerabilities b2b gold script - 'id' SQL Injection B2B Gold Script - 'id' SQL Injection TinyBrowser - Arbitrary File Upload Wordpress Plugin TinyBrowser - Arbitrary File Upload Nginx http server 0.6.36 - Directory Traversal Nginx 0.6.36 - Directory Traversal atomic photo album 1.0.2 - Multiple Vulnerabilities Atomic Photo Album 1.0.2 - Multiple Vulnerabilities Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1) Bigace_2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC) bitweaver 2.8.1 - Persistent Cross-Site Scripting Bitweaver 2.8.1 - Persistent Cross-Site Scripting bitweaver 2.8.0 - Multiple Vulnerabilities Bitweaver 2.8.0 - Multiple Vulnerabilities Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2) DistCC Daemon - Command Execution (Metasploit) DistCC Daemon - Command Execution (Metasploit) (2) Bigace 2.7.5 - Arbitrary File Upload BigACE 2.7.5 - Arbitrary File Upload atutor 2.0.2 - Multiple Vulnerabilities ATutor 2.0.2 - Multiple Vulnerabilities boastMachine 3.1 - Cross-Site Request Forgery (Add Admin) BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin) Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111) atmail email server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution Macro Expert 4.0 - Multiple Privilege Escalations axigen mail server 8.0.1 - Persistent Cross-Site Scripting Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting Iperius Remote 1.7.0 - Unquoted Service Path Privilege Escalation MSI - NTIOLib.sys / WinIO.sys Local Privilege Escalation Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation Joomla! Component Event Booking 2.10.1 - SQL Injection NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation bitweaver 2.8.1 - Multiple Vulnerabilities Bitweaver 2.8.1 - Multiple Vulnerabilities Contrexx CMS egov Module 1.0.0 - SQL Injection Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111) White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting atutor 1.2 - Multiple Vulnerabilities ATutor 1.2 - Multiple Vulnerabilities Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Clockstone and other CMSMasters Theme - Arbitrary File Upload Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload Nginx HTTP Server 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit) Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit) BuilderEngine 3.5.0 - Arbitrary File Upload PHP Charts 1.0 - (index.php type Parameter) Remote Code Execution PHP-Charts 1.0 - (index.php type Parameter) Remote Code Execution Bigace CMS 2.7.8 - Cross-Site Request Forgery (Add Admin) BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin) BoastMachine 3.1 - admin.php Cross-Site Scripting BoastMachine 3.1 - 'admin.php' Cross-Site Scripting Western Digital Arkeia - Remote Code Execution (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (1) Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting Redoable 1.2 Theme - header.php s Parameter Cross-Site Scripting Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery boastMachine 2.8 - 'index.php' Local File Inclusion BoastMachine 2.8 - 'index.php' Local File Inclusion TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting boastMachine 3.1 - 'key' Parameter Cross-Site Scripting BoastMachine 3.1 - 'key' Parameter Cross-Site Scripting Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities Creative Contact Form 0.9.7 - Arbitrary File Upload Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting Paid Memberships Pro 1.7.14.2 - Directory Traversal Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal DukaPress 2.5.2 - Directory Traversal Wordpress Plugin DukaPress 2.5.2 - Directory Traversal Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting Duplicator 0.5.8 - Privilege Escalation Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload Shareaholic 7.6.0.3 - Cross-Site Scripting Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting Paypal Currency Converter Basic For WooCommerce - File Read Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read Wordpess Simple Photo Gallery 1.7.8 - Blind SQL Injection Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting Western Digital Arkeia - Remote Code Execution (Metasploit) Western Digital Arkeia - Remote Code Execution (Metasploit) (2) Multiple WordPress Themes WPScientist - Arbitrary File Upload Multiple WordPress WPScientist Themes - Arbitrary File Upload EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities Avast AntiVirus - X.509 Error Rendering Command Execution Avast! AntiVirus - X.509 Error Rendering Command Execution Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities Avast - OOB Write Decrypting PEncrypt Packed executables Avast - JetDb::IsExploited4x Performs Unbounded Search on Input Avast - Heap Overflow Unpacking MoleBox Archives Avast - Integer Overflow Verifying numFonts in TTC Header Avast! - OOB Write Decrypting PEncrypt Packed executables Avast! - JetDb::IsExploited4x Performs Unbounded Search on Input Avast! - Heap Overflow Unpacking MoleBox Archives Avast! - Integer Overflow Verifying numFonts in TTC Header BIGACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal Simple Ads Manager 2.9.4.116 - SQL Injection Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation Avast - Authenticode Parsing Memory Corruption Avast! - Authenticode Parsing Memory Corruption Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting Job Script by Scubez - Remote Code Execution Wordpress Plugin Job Script by Scubez - Remote Code Execution Premium SEO Pack 1.9.1.3 - wp_options Overwrite Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite Ocomon 2.0 - SQL Injection	2016-09-27 05:01:25 +00:00
Offensive Security	fffbf04102	Updated	2013-12-03 19:44:07 +00:00

Author

SHA1

Message

Date

Offensive Security

35000196e1

DB: 2016-09-27

11 new exploits

Berlios gpsd 2.7.x - Remote Format String
Berlios GPSD 2.7.x - Remote Format String

bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit
Bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit

Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1)

D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (1)

boastMachine 3.1 - (mail.php id) SQL Injection
BoastMachine 3.1 - 'mail.php' id SQL Injection

BIGACE 2.4 - Multiple Remote File Inclusion
BigACE 2.4 - Multiple Remote File Inclusion

attachmax dolphin 2.1.0 - Multiple Vulnerabilities
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities

AtomixMP3 <= 2.3 - (Playlist) Universal Overwrite (SEH)
AtomixMP3 <= 2.3 - 'Playlist' Universal Overwrite (SEH)

BIGACE CMS 2.5 - 'Username' SQL Injection
BigACE CMS 2.5 - 'Username' SQL Injection

BIGACE CMS 2.6 - (cmd) Local File Inclusion
BigACE CMS 2.6 - (cmd) Local File Inclusion

Avast AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation
Avast! AntiVirus 4.8.1351.0 - Denial of Service / Privilege Escalation

DistCC Daemon - Command Execution (Metasploit)
DistCC Daemon - Command Execution (Metasploit) (1)

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (1)

Avast 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption
Avast! 4.8.1351.0 AntiVirus - aswMon2.sys Kernel Memory Corruption

bitrix site manager 4.0.5 - Remote File Inclusion
Bitrix Site Manager 4.0.5 - Remote File Inclusion

boastMachine 3.1 - Arbitrary File Upload
BoastMachine 3.1 - Arbitrary File Upload

blog system 1.5 - Multiple Vulnerabilities
Blog System 1.5 - Multiple Vulnerabilities

b2b gold script - 'id' SQL Injection
B2B Gold Script - 'id' SQL Injection

TinyBrowser - Arbitrary File Upload
Wordpress Plugin TinyBrowser - Arbitrary File Upload

Nginx http server 0.6.36 - Directory Traversal
Nginx 0.6.36 - Directory Traversal

atomic photo album 1.0.2 - Multiple Vulnerabilities
Atomic Photo Album 1.0.2 - Multiple Vulnerabilities

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (1)

Bigace_2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)
BigACE 2.7.3 - Cross-Site Request Forgery (Change Admin Password) (PoC)

bitweaver 2.8.1 - Persistent Cross-Site Scripting
Bitweaver 2.8.1 - Persistent Cross-Site Scripting

bitweaver 2.8.0 - Multiple Vulnerabilities
Bitweaver 2.8.0 - Multiple Vulnerabilities

Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit)
Wyse Rapport Hagent Fake Hserver - Command Execution (Metasploit) (2)

D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit)
D-Link DWL-G132 - Wireless Driver Beacon Rates Overflow (Metasploit) (2)

Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit)
Novell iPrint Client - ActiveX Control call-back-url Buffer Overflow (Metasploit) (2)

Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit)
Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (2)

DistCC Daemon - Command Execution (Metasploit)
DistCC Daemon - Command Execution (Metasploit) (2)

Bigace 2.7.5 - Arbitrary File Upload
BigACE 2.7.5 - Arbitrary File Upload

atutor 2.0.2 - Multiple Vulnerabilities
ATutor 2.0.2 - Multiple Vulnerabilities

boastMachine 3.1 - Cross-Site Request Forgery (Add Admin)
BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)

Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)

atmail email server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution
AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution

Macro Expert 4.0 - Multiple Privilege Escalations

axigen mail server 8.0.1 - Persistent Cross-Site Scripting
Axigen Mail Server 8.0.1 - Persistent Cross-Site Scripting

Iperius Remote 1.7.0 - Unquoted Service Path Privilege Escalation

MSI - NTIOLib.sys / WinIO.sys Local Privilege Escalation

Elantech-Smart Pad 11.9.0.0 - Unquoted Service Path Privilege Escalation

Joomla! Component Event Booking 2.10.1 - SQL Injection

NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation

bitweaver 2.8.1 - Multiple Vulnerabilities
Bitweaver 2.8.1 - Multiple Vulnerabilities
Contrexx CMS egov Module 1.0.0 - SQL Injection
Microsoft Windows 10 10586 (x32/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)

White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Wordpress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

atutor 1.2 - Multiple Vulnerabilities
ATutor 1.2 - Multiple Vulnerabilities

Joomla Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection

Clockstone and other CMSMasters Theme - Arbitrary File Upload
Wordpress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload

Nginx HTTP Server 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)
Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)

BuilderEngine 3.5.0 - Arbitrary File Upload

PHP Charts 1.0 - (index.php type Parameter) Remote Code Execution
PHP-Charts 1.0 - (index.php type Parameter) Remote Code Execution

Bigace CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)
BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)

BoastMachine 3.1 - admin.php Cross-Site Scripting
BoastMachine 3.1 - 'admin.php' Cross-Site Scripting

Western Digital Arkeia - Remote Code Execution (Metasploit)
Western Digital Arkeia - Remote Code Execution (Metasploit) (1)

Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting
Wordpress Plugin Quick Paypal Payments 3.0 - Presistant Cross-Site Scripting

Redoable 1.2 Theme - header.php s Parameter Cross-Site Scripting
Wordpress Theme Redoable 1.2 - header.php s Parameter Cross-Site Scripting

Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery
Wordpress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery

boastMachine 2.8 - 'index.php' Local File Inclusion
BoastMachine 2.8 - 'index.php' Local File Inclusion

TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting
Wordpress Plugin TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting

boastMachine 3.1 - 'key' Parameter Cross-Site Scripting
BoastMachine 3.1 - 'key' Parameter Cross-Site Scripting

Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Firestats 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities

WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities

Creative Contact Form 0.9.7 - Arbitrary File Upload
Wordpress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload

Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting
Wordpress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting

Paid Memberships Pro 1.7.14.2 - Directory Traversal
Wordpress Plugin Paid Memberships Pro 1.7.14.2 - Directory Traversal

DukaPress 2.5.2 - Directory Traversal
Wordpress Plugin DukaPress 2.5.2 - Directory Traversal

Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
Wordpress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection

WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting
Wordpress Plugin WonderPlugin Audio Player 2.0 - Blind SQL Injection / Cross-Site Scripting

Duplicator 0.5.8 - Privilege Escalation
Wordpress Plugin Duplicator 0.5.8 - Privilege Escalation

VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
Wordpress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload

Shareaholic 7.6.0.3 - Cross-Site Scripting
Wordpress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting

Paypal Currency Converter Basic For WooCommerce - File Read
Wordpress Plugin Paypal Currency Converter Basic For WooCommerce - File Read

Wordpess Simple Photo Gallery 1.7.8 - Blind SQL Injection
Wordpress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection

Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities
Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting
PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting
Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting
Wordpress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting
Wordpress Plugin Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting

Western Digital Arkeia - Remote Code Execution (Metasploit)
Western Digital Arkeia - Remote Code Execution (Metasploit) (2)

Multiple WordPress Themes WPScientist - Arbitrary File Upload
Multiple WordPress WPScientist Themes - Arbitrary File Upload

EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
Wordpress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities

Avast AntiVirus - X.509 Error Rendering Command Execution
Avast! AntiVirus - X.509 Error Rendering Command Execution

Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting
Wordpress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting

miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
Wordpress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
Avast - OOB Write Decrypting PEncrypt Packed executables
Avast - JetDb::IsExploited4x Performs Unbounded Search on Input
Avast - Heap Overflow Unpacking MoleBox Archives
Avast - Integer Overflow Verifying numFonts in TTC Header
Avast! - OOB Write Decrypting PEncrypt Packed executables
Avast! - JetDb::IsExploited4x Performs Unbounded Search on Input
Avast! - Heap Overflow Unpacking MoleBox Archives
Avast! - Integer Overflow Verifying numFonts in TTC Header

BIGACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal
BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal

Simple Ads Manager 2.9.4.116 - SQL Injection
Wordpress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection

MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51 / 5.6.32 / 5.7.14 - Code Execution / Privilege Escalation

Avast - Authenticode Parsing Memory Corruption
Avast! - Authenticode Parsing Memory Corruption

Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting
Wordpress Plugin Acunetix WP Security Plugin 3.0.3 - Cross-Site Scripting

Job Script by Scubez - Remote Code Execution
Wordpress Plugin Job Script by Scubez - Remote Code Execution

Premium SEO Pack 1.9.1.3 - wp_options Overwrite
Wordpress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite

Ocomon 2.0 - SQL Injection

2016-09-27 05:01:25 +00:00

Offensive Security

fffbf04102

Updated

2013-12-03 19:44:07 +00:00

2 commits