1103 matches found
iBrowser Plugin v1.4.1 (lang) Local File Inclusion Vulnerability
Summary iBrowser is an image browser plugin for WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor developed by net4visions. It allows image browsing, resizing on upload, directory management and more with the integration of the phpThumb image library. Description iBrowser suffers...
iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability
Summary With iManager you can manage your files/images on your webserver, and it provides user interface to most of the phpThumb functions. It works either stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor. Description Input passed to the 'd' paramete...
iManager Plugin v1.2.8 (lang) Local File Inclusion Vulnerability
Summary With iManager you can manage your files/images on your webserver, and it provides user interface to most of the phpThumb functions. It works either stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor. Description iManager suffers from a file...
Mini FTP Server 1.1 Buffer Corruption Remote Denial Of Service Exploit
Summary Minimal FTP server for windows. Uses only managed code. Works with Total commander. Description MiniFTPServer suffers from a denial of service vulnerability when passing large number of bytes after authentication, resulting in a crash. No need for a valid FTP command to exploit this issue...
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities
Summary ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is a highly customizable, easy-to-implement help desk software. Description The...
F-Secure BlackLight 2.2.1092 Local Privilege Escalation Vulnerability
Summary F-Secure BlackLight is a tool that detects files, folders and processes hidden from the user and other programs. BlackLight is also able to remove hidden malware by renaming them. Description The rootkit eliminator is vulnerable to an elevation of privileges vulnerability which can be use...
AContent 1.1 Multiple Cross-Site Scripting Vulnerabilities
Summary AContent is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...
AContent 1.1 Multiple SQL Injection Vulnerabilities
Summary AContent is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description Input passed via...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...
AChecker 1.2 Multiple Remote XSS/PD Vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety international accessibility guidelines. Description AChecker suffers from multiple cross-site scripting and path disclosure vulnerabilities. Input thru...
AContent 1.1 (category_name) Remote Script Insertion Vulnerability
Summary AContent is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...
ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability
Summary ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their...
ATutor 2.0.2 Multiple Remote Vulnerabilities (SQLi/XSS/PD)
Summary ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their...
Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities
Summary The Digital Scribe is a free, intuitive system designed to help teachers put student work and homework assignments online. Description Digital Scribe suffers from multiple POST XSS vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized...
Online Grades 3.2.5 Multiple XSS Vulnerabilities
Summary Online Grades is the leading free-software project that allows K-12+ student grades attendance information to be posted onto a dynamic web site. Description Online Grades suffers from multiple cross-site scripting vulns. The issue is triggered when input passed via multiple parameters to...
PG eLMS Pro vDEC_2007_01 Multiple Blind SQL Injection Vulnerabilities
Summary eLMS Pro solution is an outstanding and yet simple Learning Management system. Our product is designed for any education formations: from small distance training companies up to big colleges and universities. The system allows to build courses, import SCORM content, deploy online learning...
PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS Vulnerabilities
Summary eLMS Pro solution is an outstanding and yet simple Learning Management system. Our product is designed for any education formations: from small distance training companies up to big colleges and universities. The system allows to build courses, import SCORM content, deploy online learning...
TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities
Summary TCExam is a FLOSS system for electronic exams also know as CBA - Computer-Based Assessment, CBT - Computer-Based Testing or e-exam that enables educators and trainers to author, schedule, deliver, and report on quizzes, tests and exams. Description Input passed via multiple parameters to...
TCExam <=11.2.011 Multiple Cross-Site Scripting Vulnerabilities
Summary TCExam is a FLOSS system for electronic exams also know as CBA - Computer-Based Assessment, CBT - Computer-Based Testing or e-exam that enables educators and trainers to author, schedule, deliver, and report on quizzes, tests and exams. Description TCExam suffers from multiple pre and pos...
Tugux CMS 1.2 (pid) Remote Arbitrary File Deletion Vulnerability
Summary Tugux CMS is a free, open-source content Management system CMS and application that powers the entire web. Description Input passed to the 'pid' parameter in administrator/deletepageparse.php is not properly sanitised before being used to delete files. This can be exploited to delete file...
ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability
Summary ALPlayer former ALShow is an easy-to-use media player that comes equipped with plenty of codecs, and it's prepared to download more if needed. Description The vulnerability is caused due to a boundary error in the processing of a playlist file , which can be exploited to cause a stack-bas...
Valve Steam Client Application v1559/1559 Local Privilege Escalation
Summary Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation. It is used to distribute games and related media online, from small independent developers to larger software houses. Steam also has community features,...
NetServe Web Server v1.0.58 Multiple Remote Vulnerabilities
Summary NetServe is a super compact Web Server and File Sharing application for Windows NT, 95, 98, 2000, and XP. It's HTTP Web Server can serve all types of files including html, gif and jpeg, actually any files placed in your NetServe directory can be served. New key features include...
Sitemagic CMS 2010.04.17 (SMExt) Remote Cross-Site Scripting Vulnerability
Summary Sitemagic CMS is a fantastic new platform for building and maintaining great looking websites. It is very easy to set up and use, and is fully extendable and customizable. Description Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET...
Pacer Edition CMS 2.1 (l param) Local File Inclusion Vulnerability
Summary The 'Pacer Edition' is a Content Management SystemCMS written using PHP 5.2.9 as a minimum requirement. The Pacer Edition CMS was based from Website baker core and has been completely redesigned with a whole new look and feel along with many new advanced features to allow you to build sit...
Pacer Edition CMS 2.1 Remote XSS POST Injection Vulnerability
Summary The 'Pacer Edition' is a Content Management SystemCMS written using PHP 5.2.9 as a minimum requirement. The Pacer Edition CMS was based from Website baker core and has been completely redesigned with a whole new look and feel along with many new advanced features to allow you to build sit...
Pacer Edition CMS 2.1 (rm) Remote Arbitrary File Deletion Exploit
Summary The 'Pacer Edition' is a Content Management SystemCMS written using PHP 5.2.9 as a minimum requirement. The Pacer Edition CMS was based from Website baker core and has been completely redesigned with a whole new look and feel along with many new advanced features to allow you to build sit...
Ushahidi 2.0.1 (range param) SQL Injection Vulnerability (post-auth)
Summary The Ushahidi Platform is a platform for information collection, visualization and interactive mapping. Description Input passed via the 'range' parameter to dashboard.php is not properly sanitised in application/controllers/admin/dashboard.php before being used in SQL queries. This can be...
Kentico CMS <=5.5R2.23 Cross-Site Scripting POST Injection Vulnerability
Summary .NET Web Content Management System for ASP.NET. Description Kentico CMS suffers from a XSS vulnerability when parsing user input to the 'userContextMenuparameter' parameter via POST method in '/examples/webparts/membership/users-viewer.aspx'. Attackers can exploit this weakness to execute...
Tugux CMS 1.2 Multiple Remote Vulnerabilities
Summary Tugux CMS is a free, open-source content Management system CMS and application that powers the entire web. Description The application suffers from multiple issues including: reflected and stored xss, sql Injection, local file inclusion, url redirection. Vulnerable parameters include:...
DreamBox DM500(+) Arbitrary File Download Vulnerability
Summary The Dreambox is a series of Linux-powered DVB satellite, terrestrial and cable digital television receivers set-top box. Description Dreambox suffers from a file download vulnerability thru directory traversal with appending the '/' character in the HTTP GET method of the affected host...
Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC
Summary Recording, mixing, editing, and mastering — Adobe® Audition® 3 software is the all-in-one toolset for professional audio production. Description Adobe Audition suffers from a buffer overflow vulnerability when dealing with .SES session format file. The application failz to sanitize the us...
Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)
Summary Connects LonWorks networks to process control, visualization, SCADA and office software. Description The ElonFmt ActiveX Control Module suffers from a buffer overflow vulnerability. When a large buffer is sent to the pid item of the GetItem1 function in elonfmt.ocx module, we get a few...
docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities
Summary Unlimited options for production printing and customer solutions. Description The Mercury Web Application suffers from multiple XSS vulnerabilities when parsing user input thru the GET parameter 'thisurl' and the POST parameter 'aasfunc' in fstate.php, flist.php, fjob.php and fheader.php...
Help & Manual Professional Edition 5.5.1 (ijl15.dll) DLL Hijacking Exploit
Summary Help & Manual 5 is a single-source help authoring and content management system for both single and multi-author editing. Description Help & Manual suffers from a DLL hijacking vulnerability that enables the attacker to execute arbitrary code on the affected machine. The vulnerable...
Anfibia Reactor 2.1.1 (login.do) Remote XSS POST Injection Vulnerability
Summary Fast web-based server monitoring. Keep an eye on servers, connections, databases, cpu, hard drives and more! Description The Anfibia Reactor JS service suffers from a XSS vulnerability when parsing user input to the 'email' parameter via POST method in 'reactor/login.do' script at the...
TutorialMS v1.4 (show) Remote SQL Injection Vulnerability
Summary TutorialMS is a free content management system, developed specifically for tutorial pages. It is written in PHP and uses MySQL as a database. TutorialMS offers all the usual features you need to build quick and easy your own tutorial page, without great programming knowledge. Description...
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities
Summary DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets. Description DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not...
Antamedia Internet Cafe Software 7.1 Insecure Permissions/DLL Loading
Summary Internet Cafe Software – Cyber Cafe software is a worldwide top selling solution for CyberCafe management and game center control. It protects your computers from unauthorized usage and helps with customer billing. Many features like POS, print manager, console controller, smart cards,...
Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection
Summary Family Connections is an open source content management system. It makes creating a private, family website easy and fun. Description FCMS suffers from a stored XSS vulnerability post-auth in messageboard.php script thru the 'subject' post parameter. XML Inj. lies in the /inc/getChat.php...
Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
Summary Pointter PHP Content Management System is an advanced, fast and user friendly CMS script that can be used to build simple websites or professional websites with product categorization, product blogs, member login and search modules. The webmaster can create unlimited static page boxes,...
Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions
Summary Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks. Description The package...
Constructr CMS 3.03 Multiple Remote Vulnerabilities (XSS/SQLi)
Summary ConstructrCMS is a new and fresh Content Management System build with the Power of PHP and MySQL. The Backend is mostly controlled by Ajax for a unique User Experience. Description The CMS suffers from several vulnerabilities SQL and XSS. The sql issue can be triggered when the app tries ...
eXPert PDF Reader 4.0 NULL Pointer Dereference and Heap Corruption Denial Of Service
Summary eXPert PDF Reader is a free pdf viewer software that lets you view and print pdf documents on windows operating systems. Description The vulnerability is caused due to a NULL pointer dereference when processing malicious Printer Job .pj files and can be exploited to crash the application...
Nitro PDF Reader 1.4.0 Remote Heap Memory Corruption / DoS PoC
Summary Nitro PDF Reader, free, fast, powerfull and secure. Create PDF files, comment and review, save PDF forms, extract text and images, type text directly onto the page, and more. Description The program suffers from a heap corruption vulnerability which can be exploited by malicious people to...
Elecard MPEG Player 5.7 Local Buffer Overflow PoC (SEH)
Summary Elecard MPEG Player is a high-quality full-featured multimedia player supporting the newest formats, designed to provide you with video and audio playback. Description The program suffers from a buffer overflow with SEH overwrite vulnerability when opening playlist file .m3u, as a result ...
WinMerge v2.12.4 Project File Handling Stack Overflow Vulnerability
Summary WinMerge is an Open Source differencing and merging tool for Windows. WinMerge can compare both folders and files, presenting differences in a visual text format that is easy to understand and handle. WinMerge is highly useful for determining what has changed between project versions, and...
phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities
Summary phpBugTracker is a web-based bug tracker with functionality similar to other issue tracking systems, such as Bugzilla. Design focuses on separating the presentation, application, and database layers. phpBugTracker is lightweight and easy to install, operate and administer. Most text can b...
GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities
Summary GAzie is a multi-company management program ERP that runs on Apache web server with support for PHP and Mysql database. Open Source web-based application for small and medium enterprises. Description GAzie is prone to a cross-site scripting and an SQL Injection vulnerability because it...
AutoPlay v1.33 (autoplay.ini) Local Buffer Overflow Exploit (SEH)
Summary AutoPlay is a shareware application used for making autorun.ini files that can be edited and stored to compact disks. Description The program suffers from a buffer overflow vulnerability when openinng autorun file .ini, as a result of adding extra bytes to parts of the edited file, giving...