ElkArte Forum version 1.1.9 suffers from a remote code execution vulnerability.
a997e5df0996863611526f71121ce8640064994c237493d32774c3f309e05c10Jcow Social Networking versions 14.2 up to 16.2.1 suffer from a persistent cross site scripting vulnerability.
8ff452224b5c44a006c708f69ef20ee895de407da9b77ccc1fefea5c2352b8244BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.
64654958dfdf54f7bad8c42f7237049baba8465ad1f9ae64c3a99c61e5cee06bDebezium UI version 2.5 suffers from a credential disclosure vulnerability.
de2d99cea1ff19deb945b14b659e76d382f5d57f316b7dc8c8aca3034d7435afFleetCart version 4.1.1 suffers from an information leakage vulnerability.
df07d922d5e0bd6dd265072cc317d09e41fe1ae1fb85d9021d825906e9007061NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.
e5fdc1eb511aee9e0ced55911325ab4ed7c9efe59d20347fc192d3a17a7fa844This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where user-supplied input is passed directly to the require() function without proper sanitization. By exploiting this, an attacker can leverage the PHP filter chaining technique to execute arbitrary PHP code on the server. This allows for the execution of commands and control over the affected system. The exploit is particularly dangerous because it does not require authentication, making it possible for any remote attacker to exploit this vulnerability.
7df90df7e75927e09777170cc36a4823a5062bc6e077056564aea5f7a6ba8b7fChat Bot version 1.0 suffers from a remote SQL injection vulnerability.
49ddf48680164af066978efabddac4f15a73ca97d2e553446260cc4ca68b75d9CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.
f57ebc1eae72783c36ac9e3df7805d9879e3d1ced0b8232ea872b32518252dceJoomla versions 4.2.8 and below remote unauthenticated information disclosure exploit.
626134242ae4ae7b4c28853f3d05cf44659ed92ca2ceb96b914b80675d522cdcThe NethServer module installed as WebTop, produced by Sonicle, is affected by a stored cross site scripting vulnerability due to insufficient input sanitization and output escaping which allows an attacker to store a malicious payload as to execute arbitrary web scripts or HTML. Versions 7 and 8 are affected.
71dee722377e162d1e9feb9e21ad78ba3b875d892287e875ff81e8ff1b5fccf2PowerVR suffers from a wrong order of operations in DevmemIntChangeSparse2() that leads to a temporarily dangling page table entry.
c60d53fd594988ae874f9172ca988e0a08a60b03ec48452203f70a979e6d922ePowerVR suffers from a use-after-free vulnerability in _UnrefAndMaybeDestroy().
62d48fec6da2920518cfbf331f251078d85c51ab0a1e30e21ab38e0edd6f3b51Arm Mali versions since r45p0 suffer from a broken KBASE_USER_BUF_STATE_* state machine for userspace mappings that can lead to a use-after-free condition.
6886ec45419b22efaa4183177ef852a685bb4e3e8f20fe513a25b84dccef3243Tenant Limited version 1.0 suffers from a remote SQL injection vulnerability.
13e600b96629ae331bea16a5e73e10163b6351de44d850fb788d57cb33492417WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.
477997916de186d3ba832ceed8e646fa8511ebfa7176c3c099d15df6b80d4ea2Apache OFBiz versions 18.12.12 and below suffer from a directory traversal vulnerability.
bbe9f4e67d6b0040e47db9f61ccb61a6f0acf6e3a56d3be47bd40696ca022cefBackdrop CMS version 1.27.1 suffers from a remote command execution vulnerability.
707db64b489094cceb71c8280d7c7e3cdd4d55c06c3fc171b402d3dbf8f0c251PopojiCMS version 2.0.1 remote command execution exploit that requires an administrative login. This vulnerability was originally reported by tmrswrr in November of 2023.
0793753c218491dd6a931313f9bc9e153220431ab9d36e397a9a5a8f56951454Rocket LMS version 1.9 suffers from a persistent cross site scripting vulnerability.
0b7e90fca7d99f0c9238afaea97729e08614b1367dce8730e0cf753d7c7e4e9dThis archive is a GhostRace proof of concept exploit exemplifying the concept of a speculative race condition in a step-by-step single-threaded fashion. Coccinelle scripts are used to scan the Linux kernel version 5.15.83 for Speculative Concurrent Use-After-Free (SCUAF) gadgets.
37e02a934f238521d1f775356b1e8c43d4c6a81948b9dad1162cc1387ca9c199Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.
86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
bfc27f59ffa7a1d020eb1883e06f1b2a7891a0fff09f6afb7a4aef11cea69616Zope version 5.9 suffers from a command injection vulnerability in /utilities/mkwsgiinstance.py.
1849107b888555128ddb84f1932e592e1a6cec7bad8f090a967908069ab52d02CrushFTP versions prior to 11.1.0 suffers from a directory traversal vulnerability.
f6f0dfaaef61e480d92184b9e2c78f7ab875206b68a377d6f7d4d096b36e0e6b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed