GreenBrowser suffers from dialog and stored cross site scripting vulnerabilities. Versions 6.1.0117 and 6.1.0216 are affected.
52011797f6cf6b3020e9528439fbb81b5f61d8b3df82e16e190aca42efcb4e80NextBBS version 0.6.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
bfa83da9859d83d6988d38e9d8dc4e00aea5881410d054635c38bf926bc80c44WordPress Integrator plugin version 1.32 suffers from a cross site scripting vulnerability.
226dc0865f1e4637a651cc57b54000997a519d9ef7a21654f2c356f06f380d22IP.Board Add-on IP.Gallery version 4.2.1 suffers from a cross site scripting vulnerability.
90c47186ae1674d5115aa9b5aa199e83a70e3cd3652f114d5d4cfa401a38b202Safari for Windows versions 5.1.5 and below URL window.open() spoofing exploit.
fa47711147826c3af24200dac00cf3b0e261d6aac3b5014aeeb8cecd5a70ee04Serido CMS suffers from a remote SQL injection vulnerability.
8f54cea7fe56f563e5f9f54ce1d3096211202437785c28a2bb98ba94f0398d21Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8fMyBB version 1.6.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
1c05d3a8ad5d3b1a5d24d5c58e27e647e137cbad96576db30cdb622ac4ada965The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
811b545d5083c227c56986dbdeeac60ef0a1b6690230618e3d3b76f311c4ab12Family CMS versions 2.9 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
1ec7f405de63ef5f7838d32c96dbfa4b6d6603c64200b6d6fa5153eb534bef34Wolf CMS versions 0.75 and below suffer from a persistent cross site scripting vulnerability.
bf5531ebf0d1f42a147d86f362d0405a209a4ad6e8e3ce3b8be40adb10d4cde7This Metasploit module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).
2e39652db0079e5ca51125d0179fc236f418207928058994109116189eadb542This Metasploit module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack.
b357e9030ba561108d1415577377c438445c6d1ccdf5a6b60eef2ab3f927b9c6This Metasploit module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callme_page.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callme_startcall in order to gain remote code execution. Please note in order to use this module properly, you must know the extension number, which can be enumerated or bruteforced, or you may try some of the default extensions such as 0 or 200. Also, the call has to be answered (or go to voice). Tested on both Elastix and FreePBX ISO image installs.
732f9a89390a847e9a30d1b733961bd71e76e38457ac805770011388b929d0ccCheckpagerankgoogle.com suffers from a cross site scripting vulnerability.
ee0303b63281ce4c2c26227f5bc2666eac841f26c64ccf604363ce40901baa6fGeeklog version 1.8.1 suffers from a remote SQL injection vulnerability.
9be3e7153df67b33b254726a14a901951aaaba4751f8049fd80f5b1eb6da025fvBshop suffers from a persistent cross site scripting vulnerability.
d4a6811d6fb5bac7dbc3fdde83a891132b9c2f843ed4d0dd91eb279b0283ae47Pale Moon Web Browser version 11.0 suffers from a multiple looping denial of service vulnerability.
40561a779d1b6656164dae1c91c66170fb40b3a209cc2de7e38e82b7eb790a39Otuz8 Medya suffers from a cross site scripting vulnerability.
0c3d7e759f5842190060b4b859db8cfdfd3d3e5b8c4e3e3e8c999f3059f2d896Validate.icq.com suffers from a cross site scripting vulnerability.
ccacf2ce466f55826ad427e0bf970ca5cfdd882f0cc43dd33c48bdd083b5a97bFBLike Script suffers from a cross site scripting vulnerability.
c71e8559d3436f05fed29184dce0f98281b30b1685e4fa19b6b6246ec5639d21PHP version 5.4.0 built-in web server denial of service proof of concept exploit.
bbfd3425e200f20aede920fb93f171459ebc22c83495b9e14ad46cef5fb558dbEvent Calendar PHP 1.0 suffers from a cross site scripting vulnerability. Version 1.1 fixes this issue.
da5cb4722a4744a9001176ef2a9c67350d54eb420e64cc3e33a32ea6f03e3c76Laoy8! CMS version 3.0sp1 suffers from a cross site scripting vulnerability.
4930a19b764cac7eda59e68e1a8624d9d7c53390ff842362f47a4b2479ea53ccvBulletin vBShout module versions 6.0.5 and below suffer from a cross site scripting vulnerability.
462691bf6e33cb4da99f73fd68d72c50e99cf6cb8e3203bd504dcf8a334e3836
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed