ms

Integria IMS 5.0.86 Arbitrary File Upload

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.



















Samsung Smart TV Pwnable Over Wi-Fi Direct











PHP-Fusion CMS 9.03 Cross Site Scripting

PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.





Pandora FMS 7.0NG Remote Code Execution

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.





PlaySMS index.php Unauthenticated Template Injection Code Execution

This Metasploit module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called TPL which is used in the PlaySMS template engine at src/Playsms/Tpl.php:_compile(). The vulnerability is triggered when an attacker-supplied username containing a malicious payload is submitted. This malicious payload is then stored in a TPL template which, when rendered a second time, results in code execution.





Pandora FMS Ping Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.





MSF-XB11.rar

MSF eXploit Builder is a Windows GUI to build Metasploit Framework exploit modules. It will help you to edit/modify/create/test exploit modules for the Metasploit Framework. Full source release. It includes a built-in fuzzer, a win32 debugger, and a lot of tools used in the process of exploit development.






DotNetNuke CMS 9.5.0 File Extension Check Bypass

DotNetNuke CMS version 9.5.0 suffers from a file extension check bypass vulnerability that allows for arbitrary file upload.





Intel CMSE Bug Is Worse Than Previously Thought





Sentrifugo CMS 3.2 Cross Site Scripting

Sentrifugo CMS version 3.2 suffers from a persistent cross site scripting vulnerability.





.NET Instrumentation Via MSIL Bytecode Injection

Whitepaper from Phrack called .NET Instrumentation via MSIL bytecode injection.










WMFHotfix-1.4.msi

Unofficial temporary fix for the critical Windows WMF vulnerability which Microsoft will patch on 1/10/06. Tested on Windows 2000, Windows XP, and Windows XP Professional 64 Bit. The author recommends switching to the official MS patch when it becomes available. Includes C++ source.






ms00-075

Microsoft Security Bulletin (MS00-075) - Microsoft has released a patch that eliminates the "Microsoft VM ActiveX Component" vulnerability in Microsoft virtual machine (Microsoft VM) for Windows 95, 98, Windows Me, Windows NT 4.0, and Windows 2000. If a malicious web site operator coaxes a user into visiting his site, the vulnerability allows him to take any desired action on a visiting user's machine by using ActiveX controls which are marked unsafe for scripting. Microsoft FAQ on this issue available here.





ms00-091

Microsoft Security Bulletin (MS00-091) - Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows NT 4.0 and a recommended workaround for Windows 95, 98, 98 Second Edition, and Windows Me. The vulnerability allows malicious users to pause networking or sometimes crash the entire system by sending a flood of specially malformed TCP packets to port 139. Microsoft FAQ on this issue available here.





ms01-001

Microsoft Security Bulletin (MS01-001) - The Web Extender Client (WEC), a component that ships as part of Office 2000, Windows 2000, and Windows Me, does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute force attack, or with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. Microsoft FAQ on this issue available here.





ms01-019

Microsoft Security Advisory MS01-019 - Compressed folders, included with Windows ME and Plus 98, has an implementation flaw which records the plain text password used to encrypt the folder in c:\windows\dynazip.log. Microsoft FAQ on this issue available here.





ms01-054

Microsoft Security Advisory MS01-054 - A vulnerability in the UPnP service, which is enabled by default on Windows ME and XP, allows for a remote denial of service attack with effects ranging from slow performance to system failure. This vulnerability is exploited over TCP ports 1900 and 5000. Microsoft FAQ on this issue available here.





ms01-059

Microsoft Security Advisory MS01-059 - Two unrelated buffer overflows have been found in the Microsoft UPnP service. An overflow in the NOTIFY directive allows remote attackers to execute arbitrary code. The second vulnerability crashes the machine. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed. Microsoft FAQ on this issue available here.





ss2002-setup.msi

Server Scan is a simple tool for detecting web servers on a network. Created originally to detect unauthorized web servers on a network, Server Scan can serve many purposes, from detecting unauthorized web servers to checking what types of web servers are running on your network. Server Scan is compatible with Windows 95, Windows 98, Windows Me, Windows NT 4, Windows 2000, and Windows XP.





ms02-054

Microsoft Security Advisory MS02-054 - On Windows 98 with Plus! Pack, Windows Me and Windows XP, the Compressed Folders feature has an unchecked buffer in the program that handles the decompressing of files from a zipped file, allowing code of the attacker's choice to run.





SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution

SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.





Samsung Android Remote Code Execution

Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.