WordPress ArribaLaEsteban theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
46b56b583d13fbd785a4b7cafc11564f5d8cb0aa6772383501590c78c12e0df9WordPress List Communities suffers from a remote SQL injection vulnerability.
c4de9d572b2d132ae0dfb5d55c3e39b3e3caffc8e6b4596397740a702e797fdfSites using Agencia[e] suffer from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
33214a7e0b37867304fa84e40e5eb67bc5518bce9a0bff9de4fbabcf42906abbNFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628dfFriendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.
92e36cb7108edc9a74b69d10351949489ad7b525325db1dfa75164b9de07491dOpen-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.
92329b7043af1d4783fb11947d21277ddc61a87ca7d8cda419922fc9dd67a8c8MPC (Media Player Classic) suffers from cross site scripting and denial of service vulnerabilities.
9b1a81a8cd2194bc5a76801841955ea9df4393b8078734072443a73fe1df4916Kies Air suffers from authorization bypass and denial of service vulnerabilities. Android version 4.0.4 build number IMM76D.I747UCALH9 is affected.
426a0fb2aac0ca8cc014f2eaf42bb99b39915cc9ada276b50cb2454adf81aa57BugTracker.Net versions 3.5.8 and below suffer from remote SQL Injection, cross site scripting, and file disclosure vulnerabilities. Full report and advisory included.
f6d5f1fa984abc41834fd266a98e43d88d5e71390ad9ba926bb5a1b98c758c10Broadcom models BCM4325 and BCM4329 suffer from a denial of service vulnerability.
cf980fa9d05cceaa362eff7a28f9098ac75e401737d2e0e9b98614a78571cf97Friends in War Make or Break version 1.3 suffers from a remote SQL injection vulnerability.
81ad86c40bc7d1ac6b2dfe9298413b363facb2e3856fb74dd248ce7d89c741ceWordPress Tagged Albums third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
3f38e28c0351687111b71297dd167293add631c46e45b2e92ccf7781e74f16e4Rollingstone.com suffers from a cross site scripting vulnerability. As of 12/23/2012, the author noted to Packet Storm that Rolling Stone has addressed the issue.
ccc58a651ef83f70fa9a186c7a2e6ef83c0652b758b8f4e789afe50c63a45c66This Metasploit module exploits an arbitrary file upload vulnerability on the Client Analyzer component as included in Oracle Database 11g, which allows remote attackers to upload and execute arbitrary code. This Metasploit module has been tested successfully on Oracle Database 11g 11.2.0.1.0 on Windows 2003 SP2, where execution through the Windows Management Instrumentation service has been used.
84145a2bd1465f746c9f1fb3cb57ffe9811d8c12fa296a6bdabb07a13010b2adNovell NetIQ Privileged User Manager version 2.3.1 suffers from a perl code evaluation remote command execution vulnerability in ldapagnt_eval() in ldapagnt.dll. The secure web interface contains a flaw which allows, without prior authentication, to execute a Perl script with SYSTEM privileges. This can be done by sending a POST request with well formed data. Full exploit included.
f2677910b884afa12ade6e175014677e91e4db77215c215f570b78204891f70bNovell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pa_modify_accounts() in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could login to the web interface with full privileges and trigger underlying vulnerabilities to write arbitrary files against the target system with SYSTEM privileges. Full exploit included.
cb5b36fa91506836a8939d6ca42408814c64880b86065e5e6fb112b35bf19520iDev Rentals version 1.0 suffers from multiple cross site scripting vulnerabilities.
f49da30c25577ddf778c0ccd319f4256b0419b13ab196f1602832edc06d22abcFriendsinwar FAQ Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
35337c062bae0717390401b351c07341d274c3e80221eb3e15364f51ee464aeaMYRE Realty Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
d5ff8b648ad3cae3d14441af81959bea74776efd85a682de5df454716026745eBabyGekko version 1.2.2e suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
15766bd77f90d3557a510c8aad6e0286a9c018097e660157f8489b73cd044cadReciPHP version 1.1 suffers from a remote SQL injection vulnerability.
f54d0e90430b38774a0ef5969347d9173696afd36770149c7b94b66070bc88bbNarcissus online image builder suffers from a remote command execution vulnerability.
1e7e866c2471ee4f3e78a4cbfbe1c015cc3162c100922051cb553dfb05ba2c43dotProject versions 2.1.6 and below suffer from a remote file inclusion vulnerability.
fa2ee4b0d4a5a30660b415dc6dd6f5911f2d4414c98606428fee81675aaad1d2MYREphp Business Directory suffers from cross site scripting and remote SQL injection vulnerabilities.
70cd134c606c7842572913c8c656a1d3cc1d019a4b524b4cadff9d468705d834MYREphp Vacation Rental suffers from cross site scripting and remote SQL injection vulnerabilities.
9bccf8f7c5e08e2baf602e08cb0c1a1e04e78dad4bb5f371893e40e7a2a40d03
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed