Alisveristr E-Commerce is susceptible to SQL injection attacks during login.
2ea0c711d6183588de410ee053c4e82aaefbfb57c635d965c37bc9e0244a78f4
Zen-Cart versions 1.2.6d and below are susceptible to blind SQL injection and remote command execution attacks. Exploit included.
16d5983a9f0364ddea49421fbc4f0e240f1760df33699aa25fd6e85b9567fb3d
It appears that the Free Help Desk software by Help Desk Reloaded leaves the install.php file in place after installation, allowing remote attackers to create accounts without any authentication or access.
804b6bf95c701fc3e436588dcb9bb2b6c18779f0bb612923c56a2ad5eb75b375
WinEggDropShell Eternity version 1.7 is susceptible to pre-authentication stack overflows. Proof of concept denial of service exploit included.
2ec95ea1eb4e9a0c406b4c6e8ae0c57a3f64aba3b51d781bc5062ceb434bc713
phpMyChat version 0.14.6 is susceptible to cross-site scripting flaws in start_page.css.php, style.css.php, and users_popupL.php.
ab6d9e1e48b89ca2d7a166ddce989029d13c54b332b9e4bcad235e469d3ca99a
Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.
0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279
GameFly, the popular online video game rental service, suffers from a cross-site scripting flaw.
ce3987d843bd39dcd1478bb5df3c15e8d042e5a41f5b48309878a478c11ec86a
WebCalendar version 0.1.0 is susceptible to SQL injection attacks via activity_log.php and edit_report_handler.php. layers_toggle.php is susceptible to CRLF injection. Exploitation details provided.
a301911fe8f5e2b56d3446fb741963f4c821df654703f5e31403ffbb7cebdaef
Microsoft Windows CreateRemoteThread denial of service exploit.
387b50fc23c90ae7481a53e79a694e2b9cd93c2ab1d04ea80904e885dd7f2a54