Tap In Solutions suffers from a remote blind SQL injection vulnerability.
995cbf573228570625a2c32a2a15874c97fc116822256ce63a74c4f0f34843b3iSchoolSite suffers from a remote SQL injection vulnerability.
3bb4573c38c18f4182a4f42fbe981360a4539c97e45c9e64d63cb6db79c46312Climeweb suffers from a remote SQL injection vulnerability.
7c1d7f5694c17aae6e22a12e8036ed5dfe6499f138eb0928270c7792e73ab572This Metasploit module exploits a stack-based buffer overflow vulnerability in version 7.5.1 86 of Real Networks Netzip Classic. In order for the command to be executed, an attacker must convince someone to load a specially crafted zip file with NetZip Classic. By doing so, an attacker can execute arbitrary code as the victim user.
7c9d830274420e19564984899e0366cab20392b76e994a6b0e384e9de02b5a0aThis Metasploit module exploits a vulnerability found in Apple Safari on OSX platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way seems to be opening a share on the victim machine first (this can be SMB/WebDav/FTP, or a fileformat that OSX might automount), and then execute it in /Volumes/[share]. If there's some kind of bug that leaks the victim machine's current username, then it's also possible to execute the payload in /Users/[username]/Downloads/, or else bruteforce your way to getting that information. Please note that non-java payloads (*.sh extension) might get launched by Xcode instead of executing it, in that case please try the Java ones instead.
813e7b6681dffdbb170749ba71603be94be65c52baeeeffe39b6f94697d09ec4Gnuboard versions 4.33.02 and below suffer from a remote SQL injection vulnerability in tp.php.
95a4c8c9f9e28f3db5ddb919a8e9f6a2d90986205c018ce57567a87e28212b79The Dominant Creature BBG/RPG browser game suffers from a cross site scripting vulnerability.
7d877e69ad0910b2150ebb5b0e6e0e42c107770003b770a64e31c33e653aa852WordPress plugin BackWPup version 2.1.4 suffers from a remote code execution vulnerability.
e8922fa4c7addf7e093d643ed4e3247a3aeeba16d61549f286d287b09cde8758The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.
b6ee5497426ebce31868121289c9ae738ae0ad5026abab52cd9dbc4650ad8848Toshiba e-Studio devices suffer from an authentication bypass vulnerability.
8d34ec59051a89a05afdeee8fa150523f3ddb25662352023a4f80265d709bec7This exploit demonstrates denial of service vulnerabilities in the Windows TCP/IP stack as outlined in MS11-064.
471ae2bada5d0b38fd72c862eb89a058ec3a822b1b81c073d91414299fd67a81BlueZone Desktop suffers from a denial of service vulnerability when handling a malformed .zap file.
e1a7bbab1ba84af0b35ae5069123a331cb1e9ab9fa13f4586b2f072df9c6feddRuubik CMS version 1.1.0 suffers from a local file inclusion vulnerability in /extra/image.php.
d2b1addd96e2e267f8d8f70e75e428f64d640a7bfab0a656996b01f6d5197ad6AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.
85caebbc8302080405aaba7b14f4d050846bcc4ebc8f6a18d8cc7afc3983ae10aSgbookPHP version 1.9 suffers from a cross site scripting vulnerability.
fa1a2a00d58496a2268288ec516ff78e9ea410036ba43a047873b29febc8bae7Apple Safari versions prior to 5.1.1 fail to enforce an intended policy for file:// URLs and in turn allows for remote attackers to execute code.
a157bef85abd26f723c099109c42adb1bb95c25de6439edfd27bf297b0efe62fMac App Store suffers from a man-in-the-middle vulnerability that allows for remote command execution.
e88209a3e289c622603bd43b938bcfbf92e5160cdf3d50166e1221374865b7e6Apple Safari versions 5.0 and later on Mac OS and Windows are vulnerable to a directory traversal issue with the handling of "safari-extension://" URLs. Attackers can create malicious websites that trigger Safari to send files from the victim's system to the attacker. Arbitrary Javascript can be executed in the web context of the Safari extension.
f206473f38c0933286bdc00fd667750becd015dc4db7e86a307c3b55344dc453WordPress Photo Album Plus versions 4.1.1 and below suffer from a remote SQL injection vulnerability.
bf3ea8918c7de9782e264e2d6b05ec45720b07a5c20144302c4a8eed53b6c5d3PROMOTIC version 8.1.3 suffers from an ActiveX SaveCfg stack overflow, an ActiveX AddTrend heap overflow, and a directory traversal. Details and proof of concept included.
3771948f0bd952728776730df1a273e42847c65f28d2f2d69c737d27de5ba2c2Sites designed by Xenon suffer from multiple remote SQL injection vulnerabilities.
c098a4388a127889dfd3764db922cde8244b6a82e61ff357ae5785d470fd40d5This Metasploit module exploits a function pointer control within SVUIGrd.ocx of PcVue 10.0. By setting a dword value for the SaveObject() or LoadObject(), an attacker can overwrite a function pointer and execute arbitrary code.
9cec135d4cf28788b201ff76bbf8e4da5b3898cae8eca25fb07c606afc723f80This Metasploit module exploits a vulnerability found in Mozilla Firefox 3.6. When an array object is configured with a large length value, the reduceRight() method may cause an invalid index being used, allowing arbitrary remote code execution. Please note that the exploit requires a longer amount of time (compared to a typical browser exploit) in order to gain control of the machine.
eca7d8b6931584eb3a994d517c4e7c7d6ee00bc2c0a6e1a811a275c54de08fa6WordPress Contact Form plugin versions 2.7.5 and below suffer from a remote SQL injection vulnerability. A patch is included.
9b07f455f6aee294073adabc402040fdad7b34b7d958d48990162aa3974e39f7Microsoft .fon extension kernel-mode buffer overrun proof of concept exploit and write-up.
c9041b25d1db7f3af1b8cb43239c5d141716f9bc0a5017a00f045f34067e378d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed