Toko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.
1e375defb0b70ff576bb4ab30105128e41f023f56c06f5adc032a0786038ed7cAspgwy Access version 1.0.0 suffers from a cross site scripting vulnerability.
78db463e58965c529a5c4a6614d17333f3c19ce080b1a06db7603e8385da93aeWordPress Filedownload plugin version 0.1 suffers from a file disclosure vulnerability.
7caf8797e03a291467364c0a1cd9e428d63613b9a7870a60ea2e99e43d1090f5KnFTP version 1.0.0 buffer overflow denial of service proof of concept exploit.
c8dbba0550733b7b64cb6fcc1db09bc11f418b3fbd9cb4822b7d529e0ff3a3f3WordPress Count Per Day plugin versions 2.17 and below suffer from a remote SQL injection vulnerability.
13411fc482f31ec413a312166f4d200c9694acd983163be252b527555f7f53beCrea Boutie Pack Pro suffers from a remote SQL injection vulnerability.
be2883477e9a10271cfb2d27b81464e931af4d547ee874ceef536539c10cf9b4Car Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. This is the same vulnerability that affected version 1.0.
b81d1ba1dfa5f5b4abef4f68cf9938f66968aba574bf0980b51df453711c74a0Gocommerced suffers from a remote SQL injection vulnerability.
ac58034dc5ee533d56b1631792312f1f176fe4948b30ab27b8d3264bc6b93913Asp Basit Haber Script version 1.0 suffers from a remote SQL injection vulnerability.
281f3148cd8070695b7c5c5173f62525cc90b0bbe3c9488308af102fbf0ec75eEvidalia Web SL suffers from a remote SQL injection vulnerability.
728d0e460ebe21bf1be2fa6456a0431f31ee1417520e8d755510f9bdd5e12f59Gap Infotech Team suffers from a remote SQL injection vulnerability.
0c533653c8f4f325211b46563d50b92350ac07b7c88efca7e10fddc4159ddb74Ayco Resim Galeri suffers from a remote SQL injection vulnerability.
2a43eb8a26e24822918c2d627e91acf86d45a50fb539d8fba37894531a9d7c03Ayco Emlak suffers from a remote SQL injection vulnerability.
f8bce656a88e6f072ea08c8693bc9c35408a509bd88b81b3c2a079ff6b47e6c9Ayco Shop version 1 suffers from a remote SQL injection vulnerability.
4201607e8da71b96f886977104a9a7448011c0dc9aff47e895ced50a3ca620adJlWeb suffers from a remote SQL injection vulnerability.
38b0b10c7ef3e1a4d29db9ba17f815ab72c315e078fa5c1e9cd493adde76faf5KnFTP server version 1.0.0 remote buffer overflow exploit that leverages the USER command.
ad1af12d60d187a995b54043229d49d25f922fbb2e08bf4d92ad939e4049baceiGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
649c0e5f670adcc02d2f48ac41bb3b9dbf1473ba6e21da4a9bebd40f9b3f7896iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
4c4c2b763221737d36a6acfffd6dbb477bc08d64d63061a263200f70c4504d7aiBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.
2107ed08679b3cadf3a5612f0068b8a88d9524b1ecc47a00f4761fae255d7405iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.
63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090bPunBB PHP Forum suffers from cross site scripting vulnerabilities.
d8d3793a6fcf75cc7f7df0ecb723320bdd09dc088958cdb60f390cfd39f87be9This Metasploit module allows remote attackers to execute arbitrary commands on the affected system by abusing a directory traversal attack when using the 'xf' command (execute function). An attacker can execute system() from msvcrt.dll to upload a backdoor and gain remote code execution.
802baf0283f3035901e556177c67bc14ff8b62fa5e4ccd9e691b0fd5740792beThis Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.
cce2bc3fede3c402a04087782f79fa183476cf2dbb4148275dc851a1d3272199This Metasploit module exploits a stack-based buffer overflow vulnerability in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone. By doing so, an attacker can execute arbitrary code as the victim user.
e57c5d7bb2afa78df530127adc494c09c01ecf0da39129aaa47ac10c126368d3iManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.
d0cf4e6a0566ee44420d01dd97fde3f21f7a6d484e9d9448f4b1f6a0c32cc43c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed