>> TAG: #0day

MyBB User Social Networks Plugin 1.2 – Stored XSS

BulletProof FTP Client 2010 – Buffer Overflow (SEH) Exploit

Linux/x86-64 – Reverse TCP Password (hell) /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (136 bytes)

vBulletin 4.0.x – 4.1.2 (search.php, cat param) – SQL Injection Exploit

Linux/x86-64 – Bind TCP Password (hell) /bin/sh Shell (4444/TCP) Shellcode (147 bytes)

WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection

Mulitple WordPress Themes (admin-ajax.php, img param) – Arbitrary File Download

ManageEngine Desktop Central – Arbitrary File Upload / RCE

WordPress Slideshow Gallery Plugin 1.4.6 – Shell Upload Vulnerability

Wing FTP Server Authenticated Command Execution