eFront Enterprise version 3.6.10 suffers from database disclosure and remote SQL injection vulnerabilities.
1fd9e864d44a25eee8e7166410407a89d43048f8e5e5992f391ba11ec119536fOpera version 11.52 suffers from a stack buffer overflow when switching between two different escape sequences.
2c01e5cf78a988c87379be0eda664a5b7505e067c341ae0889515cedbd48f166Subgroop suffers from a remote SQL injection vulnerability.
22deea47f603904b5f2b0ebcd15879639d723c10390818f913f7ad894e52b451SjXjV version 2.3 suffers from a remote SQL injection vulnerability.
031e873aac9e8ae9bc4cd6cb1cab1c02803fe972fb8d73230dd8a37ef5f6a825EnjoyGraph suffers from a remote SQL injection vulnerability.
865391d796806241633b4046c09ef43dcb615c7752c28d1fb4e0a087c350e15ePlici version 2.0.0.Stable.r.1878 suffers from a cross site scripting vulnerability.
26f9145933b76de79645b2d9ffe0fbecf01c0d18ef174fc2f09219126df4f5ddpoMMo Aardvark version PR16.1 and below suffer from brute force, insufficient anti-automation, and cross site scripting vulnerabilities.
4a4c5af254198f68cea36317c0e9835adfe2a92bfc0db43a4f74945c9778565fSimple Balance version 2.0 suffers from a cross site scripting vulnerability.
36db3ea3c0395729d8ba32868fc09550a640921ba3a083791b5859499b043bb9Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user the ability to set an arbitrary file to 444.
9f6009b727030f6089ce212fb9833092feb2cd7c92c9d65e65e274472ecb43ceThe Toshiba eStudio multifunction printer suffers from an information leakage vulnerability as passwords can be extracted in plaintext from the html source code of various configuration pages.
5734383d4ee705db601bc8d3d5e3c2dd43c7d59704ae77a50bf1ce5366dd57bcThis Metasploit module exploits a stack-based buffer overflow in GTA SA-MP Server. This buffer overflow occurs when the application attempts to open a malformed server.cfg file. To exploit this vulnerability, an attacker must send the victim a server.cfg file and have them run samp-server.exe.
6516b83685589a1ead2d78e1fafcac820b7f9e19416217a6dda64bcf91cceef6This Metasploit module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
5d5d2dee3205b21a8812ad1ba723eaf15edbd136751c83c17084738dd1505d2aeFront versions 3.6.10 build 11944 and below suffer from code execution, authentication bypass, shell upload, and remote SQL injection vulnerabilities.
a2df7a32a7dd4ae0a9bc4dbd2e2499dc496f68c261d43e949234ee9dc33f4c05Online Subtitles Workshop suffers from a cross site scripting vulnerability.
9cbb9700dbfdbd15641db3845b8658946376a74750116516f4e3f542a962eb68MG For Media Solutions suffers from a remote SQL injection vulnerability.
5854e56c6d82eb0e3a4619ba64ea0aa2129db006cd53f457e44bf00c1152c052A vulnerability was found in the software IWSS of TrendMicro that could allow an attacker to gain root access in the system. The binary "patchCmd" has sticky permissions for the "setuid" and "setgid" with the user root. The execution is allowed to all users. The code performs a setuid(0) before an a system() by that the execution will take root permissions regardless of user permissions.
5c58e2ec89a7aa0742214e1aec3ff4472b0358ec1afdb3c3b4436e5f3f5fc91bXampp version 1.7.4 for Windows suffers from cross site scripting vulnerabilities.
cd1c116e00f67c7bd2d9a1dffc91e3af3e2a36d6d43eac27b4dc04258e04bcc5vtiger CRM version 5.2.1 suffers from a cross site scripting vulnerability when parsing user input to the _operation and search parameters in the /modules/mobile/index.php script.
0d29026874a0d4432347cabc827eb094403c710e733c7fac2c1688bc88169e26The Joomla YJ Contact component suffers from a local file inclusion vulnerability.
14b63d4cd8536eb5a40ccc49a0ccbff854ddb4ce8b606664beda0c785752f6f3Jara version 1.6 suffers from a cross site scripting vulnerability.
08036c096ed9ba555d987f0a515c9421a8e0f73c23a18cc498818681fbd8d29cThis Metasploit module exploits a vulnerability in the lib/functions.php that allows attackers input parsed directly to the create_function() php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parsed to the create_function() call.
e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3The zFTP server suffers from a remote denial of service condition when handling multiple STAT and CWD command requests.
8407a8948f7a9148808d25756720686181651afab0fbe2eb264d023cb76c64bbOmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.
07892a2e4751df91fbe28681577a37dca30715e6cc870860ee5c81e2769086a2Alsbtain Bulletin versions 1.5 and 1.6 suffer from multiple local file inclusion vulnerabilities.
9a3fd172373b47da0252bf9023f0313719a8e2c25ed6eebe23244427cf6c7449Art Dimension suffers from a remote SQL injection vulnerability.
7a7badbf6a781e94a3577fa8aede073768f0c3dbfc109ab2f202fd394b6c8ee0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed