ManageEngine Service Desk Plus version 8 suffers from a directory traversal vulnerability.
4f147a402469540bda70a2d4460e60ce17cdd395e97084b88ed6877689a53c33Kofax version 2.5.0.933 suffers from an arbitrary file overwrite vulnerability.
3281c8b5dece97ac0a85e385b7de5c6f12504838d5c29db6be1e5e33f9c43352FanUpdate version 3.0 suffers from a cross site scripting vulnerability.
8aa6260c4a3817754f9c4fb660d63880ee97da901ced7c5af5b923f779758630iSupport version 1.8 suffers from a remote SQL injection vulnerability.
2b710744b5d40ea4085cc2528feab9d2b8211d10b452dac2c9cbbb977f110275BrewBlogger version 2.3.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
9e5309251f26557177e8598963e20674f5b3b572bee9a84c821b9eea97682ff6This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114bThis Metasploit module exploits a buffer overflow in Sielco Sistem Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.
ad560ed7c2b5c2b085b3af27e95252ee83dd229a20d5349ee20068a8929d360fSitemagic CMS suffers from a directory traversal vulnerability.
6b480a073a294ad63da8d569a12e8ffa57a5e07c8a301358a24e317656464735The IBM Web Application Firewall can be evaded, allowing an attacker to exploit web vulnerabilities that the product intends to protect. The issue occurs when an attacker submits repeated occurrences of the same parameter.
dd1e9c94795aba4ffecf00c4d23acf69a25e54a0a279d3b90a3b780c202eb617Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
8e9bd0f1156742f2d83faa0606fca5304a8e3b055624c9077f24c1a8e274c310This Metasploit module exploits a stack buffer overflow in FactoryLink 7.5, 7.5 SP2, and 8.0.1.703. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by Luigi Auriemma.
180a8907d61d69a4ded59759afdcd03ea9f1757008b99fd69ef2a1c78f4f6f23This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
c654011b0b3147d7a6b19b80df3e17b7fd597bafa54d127293006bedf2615b9dBlue Bison Script suffers from a remote SQL injection vulnerability.
7880a3ca3557c50dac2f14276792af3c24e1534ae07085756946b9256c400508EA Sports aka ea.com suffers from a cross site scripting vulnerability.
2de1463eb99e58c2c78410d7068ed00f86ce8bc9e7e49e6c254af72e509df958If-CMS version 2.07 pre-authentication local file inclusion exploit that leverages the newlang parameter.
54e0d5a2b5475f09684e3d5e161e928ef2258de0b02c152c7f1fffea225f343dDreamBox DM800 versions 1.6rc3 and below suffer from a remote arbitrary file download vulnerability.
9903b5996d825cd58d3ca550b02438e32094e98f800883c5f8767a40223d9173XnView version 1.98 proof of concept denial of service exploit.
fa100ee8b79f5fb0993035b6b1c6a7e65a6470c5a1875b1e5858ec2c67f26a4cWordPress WPtouch plugin version 1.9.27 suffers from a URL redirection vulnerability.
f8562a4052d763ce8f06be98cb6f666931c4d1ca5979a972efdf6d7356ddd647Netclues Script suffers from a remote SQL injection vulnerability.
7466898a8173b4a6fb7bde676af273b9ffb156a034decea427209d212c0f256aThis Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
865b5dfcca02d2a6aa7a695fab5ecd9bed1fd762899a653cfbd3f158ed37c831Black Ice Fax Voice SDK version 12.6 remote code execution exploit.
b74e8d9fa16afc7c5be868647ea87134dbc15594a5e17358904cc7728f7d2012Sites design and developed by Websitesforless suffer from a remote SQL injection vulnerability.
704b2ff619fb0ca688b25b26b38ee4879707069293e87386769068946eea8a6cKievShina Designs suffers from a remote SQL injection vulnerability.
25451833c3581be1ba00d7a08b2a6337c53b0df11201d10314d6f5a2b6323977It seems that sites owned by Time Warner all seem to suffer from the same remote SQL injection vulnerability.
7d0cd865ece7e4f89ead8ca54d236b8177481b0c9e9babfeb8374961805c5119EssentialSoft Sales Force Automation Systems suffers from a remote SQL injection vulnerability that allows for authentication bypass.
27ce6d8c26ec03e95b0df00e1d7092bc44217f3c5d9e27a494d26594ab3df74b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed