FlexNet License Server Manager versions 11.9.1 and below suffer from a stack overflow vulnerability in lmgrd. Proof of concept included.
e1685cec49a2c9fdbef7f2df8194086852d758d0cee891a610d91b40c7e329acWonderware Archestra SuiteLink suffers from resource consumption and denial of service vulnerabilities.
c34e1df7a3082d619c7c03aab1d1f9f1341e2d5947161396f2bcfcb5128fa599Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
6eba0c58436511df2a7c1ddd9624d256ee11fcd20a797290f0587ece9614fe70WordPress WP-FaceThumb Gallery plugin versions 3.1 and higher suffer from a cross site scripting vulnerability.
9beec02367ad1737a52b89f4f90216d274bf0044e74cac21b7b7924057dad896Netgear WNDRMAC versions 1.0.0.22 and below suffer from a serial number disclosure vulnerability.
664bd8ae2a0cd1c838915a72e05bf722f27b543f881fd63debb15589291aab4cNetBill Billing System version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8f6bf5ec394c63f7d50c41b4d6c7a436f70c91cbd1b7a83283315cdb666be9abTravelon Express CMS version 6.2.2 suffers from cross site scripting, shell upload, and remote SQL injection vulnerabilities.
f549a1f0e6b7524a1a9ae207fbc978522a07900ebc30a5d12bb88b30343a0ed0Proman Xpress version 5.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
4984ed76784209bd646dce9acd9136744c4c220bc0daebffc20be2e746ec85c6Viscacha Forum CMS version 0.8.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
66814beeb0356914b125267098c6da55e7109417eb5ae798097d07811ebcd24bFree Reality version 3.1-0.6 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
493f04f3ec7af900fb32e04bb9d6040d9d5478aa3e1ab908625ea0aa19e36bbdAnvSoft Any Video Converter version 4.3.6 unicode buffer overflow exploit that creates a malicious .reg file.
c532021cc23d12aa672117669ee1f244c0d5045941bccdba57ba511e3b959328Sockso versions 1.51 and below suffer from a persistent cross site scripting vulnerability.
ce4130dfcdd5f03d5815606f2541cae70de1c7e752e6e762e838a81b94563ec2GENU CMS version 2012.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
6bddc2191901810274fa3dc11c1b25d1771893d78a5b2233469550f82f00e35dSerendipity CMS version 1.6 suffers from a cross site scripting vulnerability.
10b7368991d50674bb817ccf140405847e9ce14c0a0c273269026118e68149f0GetSimple CMS version 3.1 suffers from multiple cross site scripting vulnerabilities.
907c8b643da2c6b6cde7782c0dc396629ae2402f8972644e23c2e574d7f1ee23Indexa suffers from a remote SQL injection vulnerability.
dc8c877edeeba28ad84395fbc9eaec87591e83a222a3bfec24a3f4e87705371aIt appears that high performance servers from NEC suffer from a hard-coded administrative account that can manipulate memory.
eb4272908d1ad7c1709578a39de60f3cbe679c413cb078dd31662645958fdcb3This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of 'SYSTEM'.
f9ed713ff3be483dd14a09fbef83afaa998846ace3aab19c3588c2a752aaa832This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50eOwncloud versions 3.0.3 and below suffer from a clear text ldap password disclosure vulnerability in owncloud.db.
31549886f764c292ef5d70e3a5a923ec24afda76b24471bdb34b6fc0fa48ebe5QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.
a8febe1f7594f7227637fd1ab3e211df28595f24d5860319add7faa94e431a79Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.
3b56287d07b0ddbf3d319fb8f5847cc3fb85dc7f6c1df369e6873d52c0c28335Kerio WinRoute Firewall Embedded Web Server version prior to 6 suffer from a source code disclosure vulnerability.
a9b2d547021c7228d6ca8bc163da0d1d602976d34a4d91607ab1178f64961ef6eLearning Server version 4G suffers from remote file inclusion and remote SQL injection vulnerabilities.
41e20fa49cc1f8fdca910d1a1867f399a18b00b5955ee10221592384e80d1790The WordPress Bad Behavior plugin suffers from multiple cross site scripting vulnerabilities.
39a4dfbfed1ff091b2170a63180a37194ebf673217a7d0fc2e945b4a2def914f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed