Proof of concept exploit that demonstrates the downloading of Web.config. This affects unpatched versions of .NET framework 3.5 Sp1. Full details are available on the homepage.
c2bff02b5943229b67a2c7bfe0e791c38fd61cecc58a739443381625fa85ed4b
JForum versions 2.08 and below suffer from a stored cross site scripting vulnerability.
3fe1100de28afe6658fa2b65ada4dda113e0d941cfc15f6c9fdddd29ff5a39a6
CA Oneview monitor lets users save configuration files with arbitrary extensions allowing for the execution of arbitrary JSP code.
0c2adf40fe7a940f2ab1bdcf29d3c31ea5c40a58e333757ddd0a4ebf0eb99889
New Atlanta Servlet Exec allows for the reading of system configuration files and unauthorized access to system information.
34a4088e3ba49cb55c3d0a4c393f545d9987745e1a0af51a84ec49da7a867e1f