KMPlayer version 3.2.0.19 suffers from a DLL hijacking vulnerability.
e710953170f62944c95092c7d7f49e5821951feac65493d0dc8d7059e53707a9Parallels PLESK version 9.x suffers from an insecure permissions vulnerability.
ed2521012c4e3be895f96bbdf69d5c6e700987738b89562f7bc01f25941cf0cbWordPress Zingiri Web Shop plugin versions 2.4.0 and below suffer from reflective and stored cross site scripting vulnerabilities.
18ed50d1ec24690a1dd37bbe47a05297e810a1d475db1cbd2c532a9a4dbb6838Microsoft MSN Hotmail suffered from a password reset and setup vulnerability.
49073ed7e6528aed6e2a1395224e58b80dc4adcd3daca681f9d673e3701cffb1Ettercap NG version 0.7.4 suffers from a DLL hijacking vulnerability.
d04c00509e1d3444d662e6b7f22e92825bfd705db741648e0c2385bed9551510This Metasploit module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7. Using the application to open a specially crafted asx file, a buffer overflow may occur to allow arbitrary code execution under the context of the user.
8605d6b286358f8ebce3e864c8089ee88a7cec055a12349e1618003174c8d254This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. This Metasploit module targets Office 2007 and Office 2010 targets. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which will load after office got load, so the malicious file must be loaded through "File / Open" to achieve exploitation.
0b684caf70084bb5bcb079447d8379464ff2e3e928ee2d84beab044161baf6bbWordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
5d7da27b984ced3d8195b475c086f6fa632941aa13a56de1779eb08cce7b634dMoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.
15212df8a3a8d8b6ba16ec77025ef5e22d8dacfee6fd2ff769977b33b5b5fd46Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
170fe747de0161668180d3fcf82d6993ee1b0965b81a9d2d8dfc43b1af0b7d9emount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.
1a07d210c27edc8b4cb7f1f1ad3579fd0a15fb1679968e8465902f2d88e2e7aeThe Joomla Video Gallery component suffers from local file inclusion and remote SQL injection vulnerabilities.
462e3a42ad4cdf7f3d4b4fc799263665b5f88d737088527e7db190630d754023PHP Ticket System Beta 1 suffers from a remote SQL injection vulnerability.
f331b153861f4c95d8694429e29e08f749646cec6c2de5b128d953c29eb07810An undocumented backdoor account exists within all released versions of RuggedCom's Rugged Operating System (ROS®). The username for the account, which cannot be disabled, is "factory" and its password is dynamically generated based on the device's MAC address. Multiple attempts have been made in the past 12 months to have this backdoor removed and customers notified. Exploit included.
fb64f3c68bc6c2d150dfa801c3cc74442ea2352e08299729ea8753433d5ab22aBeyondCHM version 1.1 suffers from a buffer overflow vulnerability when handling a specially crafted chm file. Proof of concept included.
1f4140d1bd20cda3a4f39e3e694685f225a0d65e60da185fa2ca460418e79975CMS By Hispanic Digital Network, Inc. suffers from cross site scripting and remote SQL injection vulnerabilities.
e0609b970a7a2371fc93de251413bd770167edbea45b1afe9330271db1a45913Ettercap version 0.7.4.1 suffers from a DLL hijacking vulnerability.
0a44574fc1b60dc3699352b2c882fc1583f45dbb3776d25cff6a520d75cd30d8Website Deisgn Cardiff suffers from a remote SQL injection vulnerability.
9fb16c16ea10f1e8ab6415d84c27188754c2862797de36e6bc36d57da8055092Mitsubishi.ru suffers from cross site scripting and remote SQL injection vulnerabilities.
c4f9192ef7220609caa4d99bd7ed8867a4dc1456498243db2df42f5a17131299ChurchCMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities.
daf142bf714b4c86657eb17fad71cfb835dab67218e8b0d57cc94cd82c369f65An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61adSchool Website Solutions suffers from a cross site scripting vulnerability.
80af71695150018fd717350d968e6d200dcb7528844b325608fb32140f234a4dExponentCMS version 2.0.5 suffers from cross site scripting and remote blind SQL injection vulnerabilities.
68603c7e8c2f5997c0f69c3794e2233a415b93ed2b8acfd1beee701a907b284cMobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.
956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7SumatraPDF version 2.0.1 suffers from chm and mobi file memory corruption vulnerabilities. Proof of concept included.
2c48263ca242c08c83e3159ab0488a34d4ec0b9ed8c46ee7db29a49caef65b02
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed