CubeCart versions 3.0.20 and below suffer from multiple cross site scripting vulnerabilities.
4e9e580d02f9a087f0f347635b4ca443628ed94ad143811b28fec47d15c58a99The Smoke Loader HTTP-based exploit kit suffers from a remote SQL injection vulnerability.
6168b8bae818826efed5db61c179383059d8815b98419a63863955dba82bf792Sony PC Companion version 2.1 suffers from a boundary error in PluginManager.dll when handling the value assigned to the 'Path' item in the Admin_RemoveDirectory function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.
40ac68c731d79a2fe0247ebf674cfd97861c4839813d2aec0adbd8286d7a26c4Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'OrgHeartBeat' item in the CheckCompatibility function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.
d3edfac2ecdf4d74991e5ee8aaa6bd4bb66822eacf7e471b1d2ae48150f67cd8Sony PC Companion version 2.1 suffers from a boundary error in PimData.dll when handling the value assigned to the 'File' item in the Load function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.
6852777c3ba50005a472c645be4b92305533367f61eeb74043cb82a0116f3cfaYeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
874405777edd847f163325edf73c03b42d16a9c2dc18c2eda37f745725d199aa4psa VoipNow versions prior to 2.3 suffer from a remote command execution vulnerability.
9889092cc05ca0c360d1c888ac5dd274723646a753d62f1ba64b7fd58a84be33WordPress BuddyPress plugin suffers from cross site scripting and content spoofing vulnerabilities.
a2a973b41ca8cc4e4212a323806b5d414908948989341121167117923b861155Sony PC Companion version 2.1 suffers from a boundary error in WebServices.dll when handling the value assigned to the 'bstrFile' item in the DownloadURLToFile function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.
1b8f58d27bd44514aecfb7474faee685aaf87184b0f3d5a43bd93fe64016f4b9LogAnalyzer version 3.6.0 suffers from a cross site scripting vulnerability.
f890d7408490ef8e73e0a6ba7b407973a7e773f86abfa93c95a1a275450e27dbELBA 5 version 5.5.0 R00006 build 0796 suffers from remote SQL injection, unencrypted password storage, default credential use, and buffer overflow vulnerabilities.
c54c52eb248b249e3839005d54ed6fc24cfcb0ceb545a988aa2b640cf7a7f90cBanana Dance version B.2.6 suffers from local file inclusion, remote SQL injection, and improper access control vulnerabilities.
7e95cf4e35b826da73323e2068340d1504e654b6cf48268f922653b2f7de6e3aFireFly Mediaserver version 1.0.0.1359 suffers from a denial of service vulnerability that can be triggered by a NULL pointer dereference.
32f710929128a837905de7371632750aecfb1f0c76e6463bedec86ca624602c7Elite Bulletin Board version 2.1.21 suffers from multiple remote SQL injection vulnerabilities.
f6238bc2858a2e64a1c3b85e0997dc653e553e7e8701b8064c8c0e6b3ad71bbbThis Metasploit module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitrary commands.
9c5497a6325d67d7f481c7eb716e3d3140096da4260b045df2ab7396b276dad6gdb (GNU debugger) versions 7.5.1 and below ELF anti-debugging / reversing patcher that causes a NULL pointer dereference to trigger.
15210b5f30b75a27a8fe6e678bec4c924fc5aef2e3e9c1327f048ca3f2e13b9fIDA Pro 6.3 ELF anti-debugging / reversing patcher that causes a crash.
b621ceacd09444ff9fc01a41d5f4753069ac4eaac545eed53223b30f95090c1fFree Hosting Manager version 2.0.2 suffers from a persistent cross site scripting vulnerability.
335377c3da8b74855bab0926e442b783e0a025c0a92bad72b5f9cd8afec705f8DIMIN Viewer version 5.4.0 suffers from a GIF decode crash vulnerability.
37c08ac9d3c8f9530c6c4e0e67e12334cd8ee8d63de9a989e27cf8b8623af737Kiwi Syslog Web Access version 1.4.4 suffers from remote SQL injection and blind SQL injection vulnerabilities.
30c497b23b1f3b0a07ecbebf1a4e6f17d981770e58ae9b1af674bd68c74a5d58Joomla ZtAutoLink component suffers from a local file inclusion vulnerability.
8d7b7afaf7dc0deb578c05776b007a2e0e6a4fc0525e669d41c81a37107d3723Joomla Bit component suffers from a local file inclusion vulnerability.
56a0dfe953eb01f7814c7e0a38f7af1db46be7d121833068fc3e03448164fbd5EMC Avamar version 6.1.100-402 suffers from a world-writable cache file vulnerability that leverages /tmp.
e49cbec22954636f2d8675765991f6e9558126b4c14f04a788902ec16d34e6d5Microsoft Internet Explorer 9.x suffers from a remote stack exhaustion vulnerability.
d92f15f413457c5e0e27867c732c549570fd1dd935370f20ae2973bbf1b93532This Metasploit module exploits a heap overflow found in InduSoft Web Studio <= 61.6.00.00 SP6. The overflow exists in the ISSymbol.ocx, and can be triggered with a long string argument for the InternationalSeparator() method of the ISSymbol control. This Metasploit modules uses the msvcr71.dll form the Java JRE6 to bypass ASLR.
f99bd99b5b541326375a269f30ae36cdabc7a1c18a150d0b60fb51908c7a78c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed