Digital Age based sites suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
65865b41035f0e109ed0ff69fb318c3c7b2d7a540a87c9053f391c980ad7e987LinkedIn suffers from clickjacking and open URL redirection vulnerabilities.
b6579358ab8ea2745cc3360e9133088f1110d9aebb005e3b3138404134f48e5fConfluence Wiki versions 3.5.9, 4.0.3, and 4.1.4 suffer from a cross site scripting vulnerability.
9bcf399a2e8ea5531b3605b2128bf6b02fa2c55f7a7dea89f867a811b06a28d7Multiple CNN sites suffer from a cross site scripting vulnerability.
096af4011880d288a5647811b198a78701418586dcb30a2927def6dfc9268a09IFOBS suffers from cross site scripting and brute forcing vulnerabilities.
065d53ba03513e5662ef8b879522b39ede97e028bf86ca1db8b8b6aa9679f634Vetor Design based sites suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
fd917f043929b483d7b010f851cf056f010cf2f878bc643ccff5d44b63a5148eTrainor suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
8299bb963d997ff2b0c5b98826cea0e0e7ba4cb6b3b7b717e49f86db73db7f42The University of Wisconsin suffers from a cross site scripting vulnerability on commarts.wisc.edu.
3c9dbcba637bf78582ce1f17faef4824ab22c796a14ea0dec8e3fac15a409641This Metasploit module exploits abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows to upload the files to arbitrary locations. In order to execute remote code two techniques are provided. If the Oracle app has been deployed in the same WebLogic Samples Domain a JSP can be uploaded to the web root. If a new Domain has been used to deploy the Oracle application, the Windows Management Instrumentation service can be used to execute arbitrary code. Both techniques has been successfully tested on default installs of Oracle BTM 12.1.0.7, Weblogic 12.1.1 and Windows 2003 SP2. Default path traversal depths are provided, but the user can configure the traversal depth using the DEPTH option.
7ce41ed8870542efde605f50001955d8595ff56317328c0892477dec49dbddecTrend Micro InterScan Messaging Security Suite suffers from stored cross site scripting and cross site request forgery vulnerabilities.
d86efa1d88ecdbb7560b3e29adb1a12d5b6a2953d61809ccae4d56fd757440dcWeb Biz India suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
4c8b887299c6bb74d5f1c320fa89562c99f21650029fb5407ef1a7bfbf936e82Internet Download Manager SEH based buffer overflow exploit that spawns cmd.exe.
6b1d1f0931da27bc6e7a701bad516d556bcb7d07ac95b7850477f687fe80adc6Apis Design suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
32481e797bcb310151a7e6e4bb4076e9e111381107140f68fa1c19723c254489The FCKEditor as used with Mambo and Joomla appears to suffer from a local file inclusion vulnerability. Note that this finding houses site-specific data.
f219a4b356a444e51fa698fdc29ad6feefbbc50579e18c529aa2e589001587d8AsaanCart version 0.9 suffers from multiple cross site scripting vulnerabilities.
d012c781e38c2ca86b6dde2c8b0f0f267153528455524c83c5b4b438d1f74cfeVersions of udev < 1.4.1 do not verify that netlink messages are coming from the kernel. This allows local users to gain privileges by sending netlink messages from userland.
a339530d415e4d147ac5e6556a603790385a27c54518e11e95069181161f0615This Metasploit module exploits a vulnerability found in qdPM - a web-based project management software. The user profile's photo upload feature can be abused to upload any arbitrary file onto the victim server machine, which allows remote code execution. Please note in order to use this module, you must have a valid credential to sign in.
f5f6ba93d6feeeed1d320115b76b89c669688a7089990888c0aafa5f2993314cNeoBill CMS version 0.8 Alpha suffers from multiple cross site scripting vulnerabilities.
822afd129543fb06bff19bee3fad9eae0858443e77bff5c180bcdd818f30d07aASTPP VoIP Billing (4cf207a) suffers from multiple cross site scripting vulnerabilities.
9170586ac48be9d705b106c2a789416c8d055cc9e85a296383a20326390d1773eking CMS suffers from a remote shell upload vulnerability.
d336902cadf6e4bff5d858679266f94e11af365d316fc0c2e0066cd79e4705e5MediaLab suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f432a3493a7dfa182008b659655ce7486daeb8263fbd6ba9bb2c2434e64f293bInternet Download Manager suffers from a buffer overflow vulnerability.
ac2a7cf7ff7d28aa6957250c17b97b117ba47f182bbbd26140d2b8a239610de7The Fortigate UTM WAF Appliance suffers from cross site scripting vulnerabilities.
973037cd16c3619fefcd01e291bd7d062370066524132c4aedaad8cd3c188506Webify Photo Gallery suffers from a remote arbitrary file deletion vulnerability.
5a20c707c752685a34c581c231d15603b59918c1f6f5b8c939b59d137876e2e0Knowledge Base EE version 4.62.0 suffers from a remote SQL injection vulnerability.
9465812d6d39ca2ea7ee5e988a03f2a66cbeedbbe8e2f6de8750fa79100f936e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed