This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through “cli” parameter that is directly used to invoke “ayecli” binary. Vulnerable firmwares are from 1.01 up to 1.03.
PHP Login and User Management versions 4.1.0 and below suffers from a remote shell upload vulnerability.
PaulNews version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
LikeSoftware CMS suffers from cross site request forgery and remote shell upload vulnerabilities.
EU MRV Regulatory Complete Solution version 1 suffers from a remote SQL injection vulnerability.
Honeywell XL Web Controller suffers from cross site scripting and remote SQL injection vulnerabilities.
Easy File Uploader version 1.7 suffers from a remote shell upload vulnerability.