ES CMS version 1.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
daa80edba48418d7f028eef0daced982f7b36eff55719be1f08023c6b001181eswfupload_f10.swf and swfupload_f11.swf both suffer from a cross site scripting vulnerability.
a064f09576b12ab9d5a45fe75c0226e749c3b0025cd2959f6177a48202d94b92Army Ezine Colombia suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
15188ed796801a9d0a3f0e2dab1c9a7050d8a3174f895338116f2f758fe78230jBilling versions 3.0.2 and below suffer from a cross site scripting vulnerability.
4ceac8d0fc1f1afec1cf3dcadedca25fa1795ffaf93a687d404a447d3f2a5c35WordPress Malmonation theme suffers from a remote SQL injection vulnerability. Note that this theme is specific to this site.
5e7908209d87b1e1f212f6ab59e22fe30ff71c8f26dcbfee81ee4769a88aa0a7Beat Websites version 1.0 suffers from a remote blind SQL injection vulnerability.
88a56d21e7494bc2d27b6237a91c756294b7134a1ab51354af09d4a448df1cceGreenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
6abb1bda55fdf2a144f85a5781c58e9555df57ab3346329f169d03b28b7f55e7Cisco WAG120N suffers from a remote command execution vulnerability in setup.cgi.
3f3738e0fe87c901ce923fe505448e7d8a980e7ffb970f817472dc722f51bd86TrouSerS denial of service proof of concept exploit.
e1cf51f8e3c0f3a2a12e173d4fc14069721e2a542f1a4f8e7716091868d553afThe Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.
e23c89d44db9163f784b4ff04d606d1d56ae5646f4b6067a4cf9eb08c6eab232WordPress Zarzadzonie Kontem third party plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
dabbf8f277721a115251a4fc9ddc214797c96b3fbf36964e3d3366e8ea03717cWordPress Zingiri Web Shop third party plugin version 2.5.0 suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
33e48b2629820bb1f49eb5160c1b5e85747875d370c0743db0987af583804bcdWordPress Webplayer Player third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
d69cd4bc562251e4c95062dd6d91dc522ad3027613df830d537ee3bf94f409e3WordPress FS-Real-Estate third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a95cc5c4f3002f51988d57a65b80a57548cc9d52aa6c7054c64b6cab72660b0cGianni Messina CMS 2.0 2010 suffers from a remote SQL injection vulnerability.
7413f864df6b0ffa6276a50f18c07ec9b0803cac1c325169b0ab7f2f1ed57b44WordPress Simple Slider plugin version 1.0 suffers from a cross site scripting vulnerability.
b62822bddeca9f6484d902fe80cc09828535e9f746d5cf7e2ffa58d421d49075Simple Lighttpd version 1.4.31 denial of service proof of concept exploit.
bb9db2d5fb90777223307f529d060fc6a280653ad1ae2d1bd6798d5cfd9126c8WordPress Plg Novana third party plugin suffers from a remote SQL injection vulnerability.
981db04fd87b5d87619c34a16a05e6dbd45876887adce6d3423107dafc1af622WordPress Magazine Basic third party plugin theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a0f0a2bb4d25112d7a6582eb26bee1291efed1a5f1e1f840369aeeedd948fe27ManageEngine ServiceDesk version 8.0 Plus suffers from cross site scripting vulnerabilities.
8616515dfc840b10244580b4236a536565045ddd3abdb1854b027016b0b960d7dotProject version 2.1.6 suffers from cross site scripting and remote SQL injection vulnerabilities.
d46225e6ffc0eec269ac97abe0411a6f3763bb5a9ed63edecc2da5f6af7a7779swfupload_f8.swf suffers from a cross site scripting vulnerability. Affected systems are TinyMCE, Squeeze Documents for SPIP, Upload Manager for Radiant CMS, AionWeb, Liferay Portal (Community Edition, which earlier was called Standard Edition, and Enterprise Edition), SurgeMail, and symfony.
7cb01fdd1e05d212be9f91472666f74a1a2ccbefb7f0261aa01eccfa4a976751This Metasploit module abuses a lack of authorization in the NetIQ Privileged User Manager service (unifid.exe) to execute arbitrary perl code. The problem exists in the ldapagnt module. The module has been tested successfully on NetIQ PUM 2.3.1 over Windows 2003 SP2, which allows to execute arbitrary code with SYSTEM privileges.
f79aa10f08abac5de98e9a1207c3259575b8c431b2e93a15ad5ebc8cf3d70deePHP Server Monitor version 2.0.1 suffers from a stored cross site scripting vulnerability.
a66b0a9487b95c5307915eccadb39223d33aa5451ae999c36c581fabd1220cfcThis Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed