The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
047a0c2fea9daff58d424e91c2902c98b106fa3fb893e43fbb2aa3fcf6462fb1In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by hooking the cmd-key keypress event, a user can be tricked into running arbitrary Applescript code. Gatekeeper should be disabled from Security and Privacy in order to avoid the unidentified Developer prompt.
9ce25e64b927af84c807e90aff34d53a6d9d3e37334d7f8087944eb2e190924fRealtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
711cc873d9f03c97d0b1aff0b9423799ea4457bd355199d1d787cb915373136cLime Survey versions 2.05 through 2.06+ Build 151014 suffer from arbitrary file download, database access, and php code execution vulnerabilities.
e64f7d819aa7dc537c606c5a35ab89341148e290c54c9d62321a5507095816c5This proof of concept exploit allows any attack to reboot any CX9020 PLC and add random (Web) users to be configured.
e9c12da930af4ff1905dfad1e33339cdaf3ba7a5fbb4f3b0eb58ec445d1ad02bBamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo web interface.
d92d7a7741f8085d106c9c636c2d5147d69c3234f902a1eccb57a0203ec89b96TeamSpeak Client versions 3.0.18.1 and below suffer from remote code execution, remote file inclusion, and directory traversal vulnerabilities.
0f1f28ec7d178ae2c06e6cef9201c86e88856619c37624414d85b53ac8c1c798Microsoft Compiled HTML Help remote code execution exploit that downloads a malicious file.
f4dc71da21f607ff9cc2c465a0b85603953ff83391f6e202d6235c9186f0f389Subrion version 3.x.x suffers from various access control vulnerabilities.
62768949a23bcb01a340e14b69cadd8ee0b7efefabc11cccce4ab1fb165617b6Red Hat Security Advisory 2015-1929-01 - Ironic provides bare metal provisioning for OpenStack nodes. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be able to access the debug console. All openstack-ironic-discoverd users are advised to upgrade to these updated packages, which correct this issue.
d840b1f47da288f143473ad18550a3aab494bf1a340c40dda738b33147db375bRed Hat Security Advisory 2015-1927-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
15536e37a3a34104a1bc1c3bf040fa32fcdb55519d6a55370937d6830cf6d00bRed Hat Security Advisory 2015-1928-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
8630214eb4aef914d44073d8014ed234523b2760c2a6ebdda2d771bd3c1fadceRed Hat Security Advisory 2015-1926-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
f8dd846665906a188878d41b7ab5af8500459fa5211f249dc609397075c5644e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed