WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
f672ffa3fe1c2cdc32145c392c8ccd21e2a5005b5593a62f5cdd4f6628b98a9bAvcmedia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
386079be1ad4a0714a78b9a73a2cebfd9bde5ba6e3a91636f4f08ec4ab3ec5f2vBulletin version 4.1.12 suffers from a remote SQL injection vulnerability in blog_plugin_useradmin.php.
2ff2c6b6842c2bb85c4e27bab7b624e79849eea8da77f95cba7862aa7f6a63b4A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
523ced8ffd06cb5ce06338ed19e6b1fe16dd2776ba083fa543553d63fdd4b571The xyleborini.tamu.edu site suffers from a cross site scripting vulnerability.
4f88ed7a023e0920a77e80db5cb7198de51117fa5c8651973c231353a4dc57e1Firstlink CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
58be632f68ff8d719c6cc5463e32182f4b7959cd9c1536ae91eeb81c324c78acThe med.stanford.edu site suffers from a cross site scripting vulnerability.
26cbcda4ef772831a47575ad437d5a04a414a6ed96e780452ac0b6f2ee00e8abThis Metasploit module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it.
66f9396f0db135d2fa969a6675b705145fd8d9a8e475df6ffb4eb653d1a76be3This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webim 1.580 over Ubuntu 10.04.
d7e27005cef2dea975ee0263e61102bda3d07c173825124a4099ef2ae10c8605Spiceworks suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions 6.0.00993 and 6.0.00966 are affected.
4ce5933102d2ccf865d7267ad00d42bf306c382f9f03e4434c196f2d1258452fTorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
7185dd5b6ed5a821ecd9a5ec901d5d961227f2ab65af5e4ed90e84f1cd946946Novell Groupwise versions 8.0.2 HP3 and 2012 suffers from an integer overflow vulnerability.
f82e2a8cfbd871bf746381353b9d597a48d059ad35b2d45116b4b230fc917e0fNetsweeper WebAdmin Portal suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Note that most of this data released back in July of 2012 without the SQL injection information.
334e61b447c540bdcd2f46a9286fba1fb02a185a296fb66758697dd81cba3c6bA local buffer overflow vulnerability has been found on the NCMedia Sound Editor Pro version 7.5.1. The application saves the paths for all recently used files in a file called "MRUList201202.dat" in the directory %appdata%\Sound Editor Pro\. When clicking on the "File" menu item the application reads the contents of the file, but does not validate the length of the string loaded from the file before passing it to a buffer, which leads to a stack-based buffer overflow.
a1f0e2a2be8b3403de464902a0d925d7567541a522d8d12be77fb9410aac9104LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
503bd9fd609f08e15c9a8ac9ee45ba2ebf9dfbf41405bb3bcf3614423544d6dcFreeWebshop version 2.2.9 suffers from cross site scripting and multiple remote SQL injection vulnerabilities.
f0f154ab364674f14b5f153465e8811cc06e2b9b2d41a40b64d7cf47db4d65cfNCMedia Sound Editor Pro version 7.5.1 suffers from a MRUList201202.dat file handling buffer overflow vulnerability.
622be827ae2f496adf9292ac657f311604c6fcd62f590a02bc8c7745d6858de5webERP versions 4.08.4 and below suffer from a remote SQL injection vulnerability in WorkOrderEntry.php.
6a3662b7c29717d2a88024524394dbdf12cf57e1da607c8a6457fcc3b5244904Sites designed by IRIX suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2e1d97b25f5cf62f82dd3038d4d74f2fdf27973b47773218d61fd699c2992eebMinimal Gallery version 0.8.1 suffers from multiple cross site scripting vulnerabilities.
f6e1be94b3b6eb38283071b8ae44fb73d794a2ee4f0d4d32b0a40007d5429c96Megabirlik Bilgi Islem suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
ea00f1753b2177f19d6b689e1b2a40fa98c75f03b0c3cbd0f19f549e069751ffHuawei Technologies Internet Mobile unicode SEH-based buffer overflow exploit. Works only on Windows XP SP1.
94121e361b21a76c84d21b0577c7bd10dbd0821cac5bd77f02b44d238e67dc90Multiple Harvard sites suffer from a cross site scripting vulnerability.
fd348532e888a168e85335a433f44b72beced3ef4748cacc087f173116c96f3dAuxilium PetRatePro suffers from remote shell upload, add administrator, and remote SQL injection vulnerabilities.
6024f5b4c8646cdc47ee02ffd2991ddc141178ad096133a6cc83d5f57b2431b2Offerings from identity.net.au appear to suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9d2b322ca0da60c2b5e188c1b11e40334906f2e57061c75eb61055d5fd9838f9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed