A directory traversal vulnerability in wodWebServer.NET version 1.3.3 can be exploited to read files outside of the web root.
808b9c99fe76c207b01940a1506d3a27ab6b89ba66993fc79f2234e50ed86d4c
A reflected cross site scripting vulnerability in Web Edition version 6.1.0.2 can be exploited to execute arbitrary JavaScript.
684bc8f7aa4227ba5958a54efd458df5217d4e69c43832ae947fc3b68d95179e
A local file inclusion vulnerability in Web Edition version 6.1.0.2 can be exploited to include arbitrary files.
22592930540da997abc6dcef41fa3deba2041de82eca9248a0919023dfc136a3
A persistent cross site scripting vulnerability in PyroCMS version 1.1.0 can be exploited to execute arbitrary JavaScript.
93d7260c861238534b00a99f001f285b03bea110189be2a23e57af8dffa3d11c
A reflected cross site scripting vulnerability in OrangeHRM version 2.6.2 can be exploited to execute arbitrary JavaScript.
e1e0999427b1f8fea1d397e6a3d4820d7e5a7aa7fb16ca65caeb6f25651cc3cb
A reflected cross site scripting vulnerability in FengOffice version 1.7.4 can be exploited to execute arbitrary JavaScript.
23afa80a29b45761e472c07d78ee3260b3c3df95eabc2bb740432894ab8a74df
An arbitrary upload vulnerability in FengOffice version 1.7.4 can be exploited to upload a PHP shell.
197eebe51fd061bbb0ac0bec9e4112227a448b7719c79daf03bcbc89767fd605
A cross site request forgery vulnerability in Abyss Web Server X1 version 2.6 can be exploited to change the admin password.
b31bb74b456e921322106b26258e67931929a9740b5abeb220da8d8a309d0d30
Included in this archive is a private rootkit found in the wild that uses libcall hijacking. A detailed research analysis of how it functions has been created and is in the ncom.txt file.
796fea476f1404100a509b2b4c0c463f28d539d1bb611efada016038aad1d7a1
FLVPlayer4Free version 2.9 stack overflow exploit that creates a .fp4f file that will spawn a reverse tcp shell.
37d19f8f8854da4184e1fff165c980aee6b6fd75b2de15faf52b8e76d1add620
Debian Linux Security Advisory 2204-1 - Moritz Naumann discovered that imp4, a webmail component for the horde framework, is prone to cross-site scripting attacks by a lack of input sanitizing of certain fetchmail information.
75b794e01a93ab6397be645fef518b28fe0aa9ecf3b4f695da3b856403588466
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers, and gather emails from Google and Bing.
0987d1c1da44e613090a8f08fa476f61cb59a9394ed348e14243ad86141b4901
The Linux version of xpdf is linked against t1lib, which is affected by multiple vulnerabilities including off-by-one errors, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted PDF file.
cde36b4c326f4058f72f66b8fe4a29b09dd60fc123357793a2b5fddd8074c956
Cetera eCommerce versions 14.0 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
a74020e57c6b326924ae2720bf25803b081b9b7fe9130f12e1328d124f56c8b3
The Joomla Media component suffers from a local file inclusion vulnerability.
08fff2e02641c3923ad1b949173c570d49d22765cc8a28116b8b02dd23a5beb4
DivX Player version 7.0 buffer overflow exploits that create malicious .avi, .ape, and .mid files.
1495e30042c6e3112df837ce049461c422aa583f3fa9b154e80f0081a1bf887c
Windows Media Player version 11.0 .ape buffer overflow exploit.
6e993886c51499df3625f6e2fbfaf315ffbcccce9509520bc408dc3abceb8826
RealPlayer version 11.0 local buffer overflow exploit that creates a malicious .rmp file.
e39b3f31309199328b1b444751282e16f5cc09c6669c77aaed52bc4dd7237d46
Whitepaper discussing cross site scripting, bypassing techniques, and the usefulness of these attacks.
e6db4a2a2b09265739ef2221cc69c49975d5b6ed87df3146923008646935f4fd
Eircom Netopia routers suffer from multiple backdoor vulnerabilities that allow for remote privilege escalation.
71bcdd74f2f246a4e1c36551a5c8752d3b4b4478ddc329287636a9d46a506f73
Whitepaper called Creating a SQL Injection Scanner in Python, or Criando um Scanner de SQL Injection em Python. Written in Portuguese.
04e6b52c3d9fb964c85a02dbb1313e8b952111bc5ec49d023bef8481875b7063
MySQL.com suffered from a remote blind SQL injection vulnerability.
c12cb947f8d7991ebab12da7bd232f56b1ba2144aa99196a42cfff37298a17fb
McAfee.com suffers from cross site scripting and information disclosure vulnerabilities.
a1ea4208fa408a61722fb712aa3542c450c87c836616651be82c3a8092638e51
eXPert PDF Editor version 7.0.880.0 local crash exploit.
2266b94afd7cd2cbfc74cd301207a22d520fb153ee762e38eeb695b25e625fa9