Puma.com suffers from a cross site scripting vulnerability.
9a6077194d65dfacc4d2f18883f2652b3d4f693d2182054e755895b95d48e936ActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.
697ffa7fdf16ff3683bbf980a8167a2982f5b6f043569821203b066d92d2311cPlogger version 1.0 RC1 suffers from multiple cross site scripting vulnerabilities.
b08982a7f4aad0a11297e5e0c3ee78eaa61fcc4a4f0ce5989b79efb7476686efRV Shopping Cart suffers from a cross site request forgery vulnerability.
ab31b6821553d20ce09762d09990530537d2efbdc776a58973ce3b6e2051bfdbRV Article Publisher suffers from a cross site request forgery vulnerability.
02a459cfd58a5abb7e58a15a6e14c09b22eaccd57bd2a75287901667e70ad6f3Simple Web Server version 2.2-rc2 remote code execution exploit with egghunting and ASLR bypass.
d1a0e8222f1406b84f1faec89add1e2b2f68a199e3ffad7936a87cb2222ae326WordPress Cloudsafe365 third party plugin suffers from a local file inclusion vulnerability.
bd5a56f7a933bc5955131ed5397be43665b68251d1ad3b374a4d6b79d858d3f5Arihant Infotech CMS suffers from a cross site scripting vulnerability.
e943e1e25984a03df8bf7e03c6a9dd90872d10256c23e6fbcd489ae15cdc9ee6MTV.com suffers from a cross site scripting vulnerability.
a92d3f773cdd8d8a76b2589b80e5361799f19b825300a3476f09b03c016fa039JQuery Tooltip suffers from a cross site scripting vulnerability.
088a62925514da2dffb93c28a026cbae071b0c06e7a4b5e8e1b290742bd24e07ANGLER Technologies CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
22dfeff7a30a7f4a403d2e876f9680a35fb0be68ca5c87a03a2d93e83c2d9ccfInfinite IT Solutions CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
c685c8b5de40d9dfb781bd47d8dec4c23d99e93b963742590f5471272059ff57Distantia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
d9677b4a5f30fd830e3df8ec7154b4c92f449197b8e3a61725cb5de8978a6ae8This Metasploit module abuses the "Command" trap in Zabbix Server to execute arbitrary commands without authentication. By default the Node ID "0" is used, if it doesn't work, the Node ID is leaked from the error message and exploitation retried. According to the vendor versions prior to 1.6.9 are vulnerable. The vulnerability has been successfully tested on Zabbix Server 1.6.7 on Ubuntu 10.04.
c4c37ca2fbeb9dc136f6ed37edc9e1410341536d23168c981616809399bccf93This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point. Our module has been successfully tested on multiple setups, including: IE, Firefox, Chrome and Safari on Windows, Linux and OS X, etc.
5ad9244a813015246c4b0e8bd5e77b71df43a8026083619c5950c1be4875177cConceptronic Grab'n'Go and Sitecom Storage Center suffers from a password disclosure vulnerability.
5aca9836ab124cc5eadd41fd71d2b7a522619f976b9d3c4cef58f45f4967b641Express Burn Plus version 4.58 suffers from a vulnerability that is caused due to a boundary error in the processing of a project file, which can be exploited to cause a unicode buffer overflow when a user opens e.g. a specially crafted .EBP file. Successful exploitation could allow execution of arbitrary code on the affected machine.
08e7ff9e01fa59fc164d33e4e3df8f5a40ec708c92dcabf0c5283bfdfa23259aThis is a whitepaper detailing how to perform authentication bypass against Sage 50 Payroll 2012 version 18.00.031 using Immunity Debugger.
bf9e32ff6711bdd25f0473894bee2ccf852a964b8f3280f156abf18fd8f4ec99Wiki Web Help version 0.3.9 suffers from a stored cross site scripting vulnerability.
e68fce127757a39e865dc1d2314d2b2291059f24abc8dca32bd3b811ac595f4eConceptronic Grab’n’Go Network Storage and Sitecom Home Storage Center suffers from an authentication bypass vulnerability due to doing all cookie validation in javascript.
a8ced793b1d6580a69a234553e0bfa276e70ddada5bbd956902b6b3f8cdbd9b9XWiki version 4.2-milestone-2 suffers from multiple stored cross site scripting vulnerabilities.
c25959b05ad0c3c4ffa247f3a057eebafca9fa9ae6be574d7c1032d7c874d265VLinks version 2.0.3 suffers from a remote SQL injection vulnerability.
b23c5588697d4e2b9fed3c47f1cc90d681247e484cbd8dd9bc6554bd7c96e605CommPort version 1.01 suffers from an authentication bypass vulnerability.
f452f7ccb48a60edc5d99a67b983276202b6fae18cf2d19313b49d3c85e0732cSilly Fellow suffers from a persistent cross site scripting vulnerability.
0bf829fa089cb8954d682d2197a17e2c1bf6350d1c309d3ef4c73776304764e2CommPort version 1.01 suffers from a remote SQL injection vulnerability.
6721f54935455b70225444dccf2aed30092482422ee8ee5cc79fd86e61bd132e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed