The Siemens Simatic S7-1200 S7 CPU start and stop functions over ISO-TSAP this modules allows an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
209515171372e815da32934ab41fdd5f1c336d22022bec1c97308a5b5097d4c3The Siemens Simatic S7-300/400 S7 CPU start and stop functions over ISO-TSAP this modules allows an attacker to perform administrative commands without authentication. This Metasploit module allows a remote user to change the state of the PLC between STOP and START, allowing an attacker to end process control by the PLC.
e012c156c46c53f51452c321377eed31d2bcff3d14db2c6ffe938003af648fc7VamCart CMS version 0.9 suffers from multiple cross site scripting vulnerabilities.
20b70ae83034a770d8f15b30a15883ea7321b714bb164532950b8650047e65d1WinGraphviz suffers from an active-x heap overflow vulnerability.
3f6c0b7d807e74cd9fa8d751cc0f4d471d353406a2b674cf66604828a356fc22Multiple Site5 WordPress themes suffer from an email spoofing vulnerability.
3ae588eeb35bf8ce5278a0e55fc825b27cefdef0759ac73636c048ab0ff52b56Elite Bulletin Board version 2.1.19 suffers from a remote SQL injection vulnerability.
38ceedd2da888919b9e4f13ce5a14bd3fb372a6bf5708329aa373a96263aba8fShopware version 3.5 suffers from a remote SQL injection vulnerability.
5a6df1b8bd0a494ca93cc2d947cf380ac0ddc0a03aa982f3f7ca4cdd7b20e18cThis Metasploit module attempts to authenticate using a hard-coded backdoor password in the Simatic S7-300 PLC and dumps the device memory using system commands.
d6907293e454a396426319c60a1d46ca00f48f5825d6033b2984938b778a4ca1Akismet version 2.5.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
80fd2945fb11406963aab824dedf83f727c0c37ef1aa8104a8256df820d3cbe7Mc Full Audio Converter 1.3.0 denial of service exploit that creates a malicious .ogg file.
3857f0a48ce2d3fa17ec113156b87a87ad36311188b97b1b48a40ce6efafea26Kool Media Converter version 2.7.0 denial of service exploit that creates a malicious .ogg file.
3e3726b25afd1b47737aa057bcc6c3252389d6821ad5912a063c33c2c76dd3e8The Joomla OS Property component suffers from a remote shell upload vulnerability.
2319911a51d2f907dbdd7a4d6226212e3052f622977a3c72772152ecace5dd11The Joomla KSAdvertiser component suffers from a remote shell upload vulnerability.
54de96cd083b6fb565bccf13177d146934ddaefac5016487fb873d261c227b3dWebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
89dcea13ec2ce098c36406bb3eb0f66cf4abc25e56f9529e8cf96f1886dc3447WordPress Resume Submissions and Job Postings plugin version 2.5.1 suffers from a remote shell upload vulnerability.
abb9002f357afe4cc499af58b4cec029b8eafcb2610d8311454bcd553f75f567Ajax Data Uploader suffers from a remote shell upload vulnerability.
9f7ee95a3d29326c1ee467ff1021b8c1447ba8a1514a4d8fb8f20b122a2bb4bcMagento eCommerce platform uses a vulnerable version of Zend framework which is prone to XML eXternal Entity Injection attacks. The SimpleXMLElement class of Zend framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
89d448f5823f6c330e5a4b53e23014a5b1fe003dd4087081ff3c078b9e4d3271GLPI version 0.83.2 suffers from a cross site scripting vulnerability.
f5b2c4c3483e2fc4f8c4c71cf68580c2f1cec99231c16a7d5963d408d62baebaWaveSurfer version 1.8.8p4 memory corruption proof of concept exploit.
d4deff1bae6282d551700d55692f595d5773d5a0250ecd06933d407d8d9fca97House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
f0e12ae5abdf3d6c1f4d058141489a08c550c3d153d77562c509b480d09570aeeCan version 0.1 suffers from a local file disclosure vulnerability.
3554c4524462040f5dda78c445352d07b4b18d5640ec8b6a0de6960bcda363d5Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.
dc7d17c6acb8edf73ecc37248cbc4108c8901dc3dbb59bf06deb7163d82d68e9ZipItFast PRO version 3.0 heap overflow exploit that binds a shell to port 9988.
ab680f9134fecd5dfa2d8333c77bceee24944dda8791109e831b9c78dcc248d1Gustavo Antunez suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
45dfa21d4ac27c3193e728f09f57cf8b6e0c05492520c836b22a6db5684f2392Xoops module extgallery version 1.0.8 suffers from shell upload and file download vulnerabilities.
efd88a83367f65c5f985484f2a284435e4bff9c2448221292782b342964edd58
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed