1103 matches found

Zero Science Lab • added 2010/04/22 12:00 a.m. • 35 views

EDraw Flowchart ActiveX Control 2.3 (EDImage.ocx) Remote DoS Exploit (IE)

Summary Do you want to learn how to draw? Now you can online! Learn how to draw like a local application with Edraw Flowchart ActiveX Control that lets you quickly build basic flowcharts, organizational charts, business charts, hr diagram, work flow, programming flowchart and network diagrams...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2008/08/10 12:00 a.m. • 35 views

BlazeVideo BlazeDVD 5.0 PLF Playlist File Remote Buffer Overflow Exploit

Summary BlazeDVD is leading powerful and easy-to-use DVD player software. It can provide superior video and audio Dolby quality, together with other enhanced features: e.g. recording DVD, playback image and DV, bookmark and image capture, etc. Furthermore, besides DVD, Video CD, Audio CD, BlazeDVD...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2016/01/28 12:00 a.m. • 34 views

iScripts EasyCreate 3.0 Multiple Vulnerabilities

Summary iScripts EasyCreate is a private label online website builder. This software allows you to start an online business by offering website building services to your customers. Equipped with drag and drop design functionality, crisp templates and social sharing capabilities, this online websi...

AI score: 5.9 • Exploits: 0

Zero Science Lab • added 2015/10/19 12:00 a.m. • 34 views

RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities

Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...

AI score: 5.9 • Exploits: 0

Zero Science Lab • added 2015/10/11 12:00 a.m. • 34 views

Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution

Summary DreamCMS is open and completely free PHP web application for constructing websites of any complexity. Description Dream CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...

AI score: 6.4 • Exploits: 0

Zero Science Lab • added 2014/11/21 12:00 a.m. • 34 views

Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege Escalation

Summary Privatefirewall multi-layered endpoint security software protects 32 and 64 bit Windows desktops and servers from malware and unauthorized use. Personal firewall, packet inspection, URL filtering, anti-logger, process monitor, and application/system behavior modeling and anomaly detection...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2014/11/12 12:00 a.m. • 34 views

CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability

Summary CorelDRAW is one of the image-creating programs in a suite of graphic arts software used by professional artists, educators, students, businesses and the general public. The CorelDRAW Graphics Suite X7, which includes CorelDRAW, is sold as stand-alone software and as a cloud-based...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2011/04/06 12:00 a.m. • 34 views

Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability

Summary Fast web-based server monitoring. Keep an eye on servers, connections, databases, cpu, hard drives and more! Description The Anfibia Reactor JS service suffers from a XSS vulnerability when parsing user input to the 'email' parameter via POST method in 'reactor/login.do' script at the...

AI score: 6.1 • Exploits: 0

Zero Science Lab • added 2010/11/08 12:00 a.m. • 34 views

Nevercenter Silo 2.1.1 Insecure Library Loading Vulnerability

Summary Silo 2 is a focused 3D modeling application with the ability to effortlessly switch between organically sculpting high-polygon models and precisely controlling hard-edged surfaces. It can be used for anything from creating 3D characters for video games and movies to quickly exploring 3D...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2010/08/26 12:00 a.m. • 34 views

Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit

Summary Media Player Classic MPC is a compact media player for 32-bit Microsoft Windows. The application mimics the look and feel of the old, lightweight Windows Media Player 6.4 but integrates most options and features found in modern media players. It and its forks are standard media players in...

CVSS: 9.3 • AI score: 6.2 • EPSS: 0.26693 • Exploits: 2

Zero Science Lab • added 2026/04/12 12:00 a.m. • 33 views

Pachno 1.0.6 Wiki TextParser XXE Vulnerability

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

CVSS: 9.8 • AI score: 6 • EPSS: 0.00373 • Exploits: 1

Zero Science Lab • added 2016/07/08 12:00 a.m. • 33 views

CyberPower Systems PowerPanel 3.1.2 XXE Out-Of-Band Data Retrieval

Summary The PowerPanel® Business Edition software from CyberPower provides IT professionals with the tools they need to easily monitor and manage their backup power. Available for compatible CyberPower UPS models, this software supports up to 250 clients, allowing users remote access from any...

AI score: 5.9 • Exploits: 0

Zero Science Lab • added 2015/12/06 12:00 a.m. • 33 views

iniNet SpiderControl PLC Editor Simatic 6.30.04 Insecure File Permissions

Summary Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large range of engineering modules together quickly. We modularize our software, as the mechanics of a system are modularized today. Easy to visualize with a few clicks. Description...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2015/11/17 12:00 a.m. • 33 views

Zenario CMS 7.0.7c Remote Code Execution Vulnerability

Summary Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Description The vulnerability is caused due to the improper verification of uploaded fil...

AI score: 6.1 • Exploits: 0

Zero Science Lab • added 2013/02/25 12:00 a.m. • 33 views

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities

Summary More than poll is a polling system with a powerful administration tool. It features: multiple pools, templates, unlimited options, IP Logging, cookie support, and more. Description MTP Poll script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2012/09/11 12:00 a.m. • 33 views

Subrion CMS 2.2.1 CSRF Add Admin Exploit

Summary Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand alone platform. It's extremely flexible and scalable php system that stands for a content managemen...

CVSS: 6.8 • AI score: 5.8 • EPSS: 0.03489 • Exploits: 6

Zero Science Lab • added 2010/08/26 12:00 a.m. • 33 views

Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit

Summary The ExtendScript Toolkit ESTK 3.5.0 is a scripting utility included with Adobe® Creative Suite CS5 and other Adobe applications. The ESTK is used for creating, editing, and debugging JavaScript to be used for scripting Adobe applications. Description Adobe ExtendScript Toolkit CS5 suffers...

CVSS: 9.3 • AI score: 6.1 • EPSS: 0.12206 • Exploits: 2

Zero Science Lab • added 2009/08/01 12:00 a.m. • 33 views

Google SketchUp Pro 7.0 (.skp file) Remote Stack Overflow PoC

Summary Google SketchUp Pro 7 is a suite of powerful features and applications for streamlining your professional 3D workflow. Description Google SketchUp Pro 7.0 suffers from a stack overflow vulnerability. It fails to handle the .skp file format resulting in crash overflowing the memory stack,...

AI score: 5.9 • Exploits: 0

Zero Science Lab • added 2009/05/08 12:00 a.m. • 33 views

ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC

Summary ViPlay3 is a freeware movie player designed to play the most popular movie types using overlaying technology for a faster and more efficient way of video playback. Description URUWorks ViPlay3 is prone to a remote buffer-overflow vulnerability because the application fails to perform...

CVSS: 9.3 • AI score: 6.2 • EPSS: 0.05826 • Exploits: 1

Zero Science Lab • added 2016/10/28 12:00 a.m. • 32 views

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2013/11/23 12:00 a.m. • 32 views

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

Summary LimeSurvey formerly PHPSurveyor is a free and open source on-line survey application written in PHP based on a MySQL, PostgreSQL or MSSQL database, distributed under the GNU General Public License. As a web server-based software it enables users to develop and publish on-line surveys, and...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2013/07/24 12:00 a.m. • 32 views

Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities

Summary Windu CMS is a simple, lightweight and fun-to-use website content management software. Description Multiple stored XSS vulnerabilities exist when parsing user input to the 'name' and 'username' POST parameters. Attackers can exploit these weaknesses to execute arbitrary HTML and script co...

AI score: 6.1 • Exploits: 0

Zero Science Lab • added 2011/08/06 12:00 a.m. • 32 views

AContent 1.1 Multiple SQL Injection Vulnerabilities

Summary AContent is an open source learning content authoring system and repository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description Input passed via...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2011/08/06 12:00 a.m. • 32 views

AChecker 1.2 Multiple Remote XSS/PD Vulnerabilities

Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety of international accessibility guidelines. Description AChecker suffers from multiple cross-site scripting and path disclosure vulnerabilities. Input thru...

AI score: 5.7 • Exploits: 0

Zero Science Lab • added 2011/02/22 12:00 a.m. • 32 views

WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability

Summary WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle. WinMerge is highly useful for determining what has changed between project versions, and...

AI score: 6.4 • Exploits: 0

Zero Science Lab • added 2010/12/06 12:00 a.m. • 33 views

MODx Revolution CMS 2.0.4-pl2 Remote XSS POST Injection Vulnerability

Summary MODx Revolution is a powerful PHP Content Management Framework that plays nicely with custom code and helps you build sites faster and maintain them with ease. With Revolution you'll leverage the best things to come around since MVC and Active Record. Description The MODx Revolution CMS...

AI score: 6.1 • Exploits: 0

Zero Science Lab • added 2009/03/17 12:00 a.m. • 32 views

Talkative IRC 0.4.4.16 Remote Stack Overflow Exploit (SEH)

Summary The easiest and fastest way to meet people online. With Talkative IRC you can chat with thousands of people at the same time. Find people with the same interests as you. Join channels where you can meet people speaking your language, or start your own. No monthly fees or other hassle, jus...

CVSS: 9.3 • AI score: 6.2 • EPSS: 0.01681 • Exploits: 1

Zero Science Lab • added 2015/12/07 12:00 a.m. • 31 views

OpenMRS 2.3 (1.11.4) XML External Entity (XXE) Processing PoC Exploit

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2015/04/14 12:00 a.m. • 31 views

WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)

Summary MiwoFTP is a smart, fast and lightweight file manager plugin that operates from the back-end of WordPress. Description MiwoFTP WP Plugin suffers from a cross-site request forgery remote code execution vulnerability. The application allows users to perform certain actions via HTTP requests...

AI score: 6.4 • Exploits: 0

Zero Science Lab • added 2014/03/25 12:00 a.m. • 31 views

qEngine CMS 6.0.0 Remote Code Execution

Summary qEngine qE is a lightweight, fast, yet feature packed CMS script to help you building your site quickly. Using template engine to separate the php codes from the design, you don't need to touch the codes to design your web site. qE is also expandable by using modules. Description qEngine...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2014/03/10 12:00 a.m. • 31 views

Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation

Summary Huawei's eSpace Meeting solution fully meets the needs of enterprise customers for an integrated daily collaboration system by integrating the conference server, conference video terminal, conference user authorization, and teleconference. Description The application is vulnerable to an...

CVSS: 7 • AI score: 7 • EPSS: 0.0064 • Exploits: 1

Zero Science Lab • added 2012/08/23 12:00 a.m. • 31 views

KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability

Summary KindEditor online HTML editor is a set of open source, mainly for users on the site to get WYSIWYG editing effects, developers can replace the traditional multi-line text input box textarea KindEditor rich visualization text input box. Description KindEditor is prone to a reflected...

AI score: 5.9 • Exploits: 0

Zero Science Lab • added 2012/02/17 12:00 a.m. • 31 views

WampServer <= 2.2c (lang) Remote Cross-Site Scripting Vulnerability

Summary WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Description WampServer is vulnerable to cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-suppli...

CVSS: 4.3 • AI score: 5.8 • EPSS: 0.0172 • Exploits: 4

Zero Science Lab • added 2011/08/06 12:00 a.m. • 31 views

AContent 1.1 (category_name) Remote Script Insertion Vulnerability

Summary AContent is an open source learning content authoring system and repository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2011/04/03 12:00 a.m. • 31 views

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

Summary DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets. Description DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2016/07/01 12:00 a.m. • 30 views

eCardMAX 10.5 Multiple Vulnerabilities

Summary eCardMax is the most trusted, powerful and dynamic online ecard software solution. It enables you to create your own ecard website with many of the advanced features found on other major sites. Starting your own ecard website with eCardMax is fast and easy. Description eCardMAX suffers fr...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2016/05/25 12:00 a.m. • 30 views

Real Estate Portal v4.1 Remote Code Execution and Persistent XSS Vulnerabilities

Summary Real Estate Portal is a software written in PHP, allowing you to launch powerful and professional looking real estate portals with rich functionalities for the private sellers, buyers and real estate agents to list properties for sale or rent, search in the database, show featured ads and...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2015/12/07 12:00 a.m. • 30 views

OpenMRS 2.3 (1.11.4) Local File Disclosure Vulnerability

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2014/04/28 12:00 a.m. • 30 views

NULL NUKE CMS v2.2 Multiple Vulnerabilities

Summary NULL-8x3-NUKE is a fast, powerful and secure cross platform CMS for windows and Linux using base or full drive paths. Description NULL NUKE CMS suffers from multiple remote vulnerabilities including Stored/Reflected XSS, SQL Injection, Arbitrary File Upload, RCE, Arbitrary File Deletion,...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2014/03/25 12:00 a.m. • 30 views

Cart Engine 3.0.0 Remote Code Execution

Summary Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features of Cart Engine include: CMS engine based on our qEngine, product options, custom fields, digital products, search engine friendly URL, user...

AI score: 6.2 • Exploits: 0

Zero Science Lab • added 2014/03/25 12:00 a.m. • 30 views

Cart Engine 3.0.0 Database Backup Disclosure Exploit

Summary Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features of Cart Engine include: CMS engine based on our qEngine, product options, custom fields, digital products, search engine friendly URL, user...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2013/02/13 12:00 a.m. • 30 views

AbanteCart 1.1.3 (index.php) Multiple Reflected XSS Vulnerabilities

Summary AbanteCart is a free PHP based eCommerce solution for merchants to provide ability creating online business and sell products online quick and efficient. Description AbanteCart suffers from multiple reflected cross-site scripting vulnerabilities. The issues are triggered when input passed...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2012/04/20 12:00 a.m. • 30 views

Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities

Summary Anchor is a content management system, written in PHP5, built for art-directed posts. Description Anchor CMS suffers from multiple stored and reflected XSS vulnerabilities when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute...

AI score: 6.1 • Exploits: 0

Zero Science Lab • added 2011/06/29 12:00 a.m. • 30 views

Valve Steam Client Application v1559/1559 Local Privilege Escalation

Summary Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation. It is used to distribute games and related media online, from small independent developers to larger software houses. Steam also has community features,...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2011/03/16 12:00 a.m. • 30 views

Pointter PHP Content Management System 1.2 Multiple Vulnerabilities

Summary Pointter PHP Content Management System is an advanced, fast and user friendly CMS script that can be used to build simple websites or professional websites with product categorization, product blogs, member login and search modules. The webmaster can create unlimited static page boxes,...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2009/07/16 12:00 a.m. • 30 views

Zortam MP3 Player 1.50 (m3u) Integer Division by Zero Exploit

Summary Zortam Mp3 Player will enable you to listen all your favorite tracks and at the same time enjoy a show of lights and images visualizing the covers of your albums and song lyrics. Description Zortam Mp3 Player suffers from a division by zero attack when handling .m3u files, resulting in...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2016/08/30 12:00 a.m. • 29 views

ZKTeco ZKBioSecurity 3.0 Multiple XSS Vulnerabilities

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

CVSS: 6.1 • AI score: 6.1 • EPSS: 0.00248 • Exploits: 1

Zero Science Lab • added 2016/07/19 12:00 a.m. • 29 views

Wowza Streaming Engine 4.5.0 Cleartext Storage Of Sensitive Information

Summary Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device. Description The application...

AI score: 5.8 • Exploits: 0

Zero Science Lab • added 2015/09/26 12:00 a.m. • 29 views

Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description Centreon suffers from a stored XSS vulnerability. Input passed thru the POST parameter 'imgcomment' is not...

AI score: 6 • Exploits: 0

Zero Science Lab • added 2015/08/19 12:00 a.m. • 29 views

up.time 7.5.0 Superadmin Privilege Escalation Exploit

Summary The next-generation of IT monitoring software. Description up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request setting the parameter 'userroleid' to 1. An attacker can also exploit this issue using cross-site request forgery...

AI score: 5.7 • Exploits: 0

Total number of security vulnerabilities: 1103