Allembru Ad Manager version 3.0.2 suffers from a persistent cross site scripting vulnerability.
c17d6ba03ce68cb494b6af0d86c15683782964c178fa3803ff14b4d5f4ad75abCalendar Script Easy Membership Management Application version 1.2 suffers from a persistent cross site scripting vulnerability.
16f16c1618bc031526405b1143082ceb9cb684dba30f827742446c5badeaceb5PHP Shop version 2.0 suffers from a remote SQL injection vulnerability.
bf2e314f6bee9de6279db4056fee862019967da75bdb7fcd33cb0af3c2bb5691The Serva version 2.0.0 DNS server suffers from a QueryName remote denial of service vulnerability.
b5cbd744342ad1eecd6b836f545154e91f162a2f846c7f9001896942b50d5e8dThe Serva version 2.0.0 HTTP server suffers from a GET remote denial of service vulnerability.
001b100a5c4e82ff91b36a959ef4c456faa5256c9837bae79b525146f1d84dc1Nibbleblog version 3.4 suffers from path disclosure and shell upload vulnerabilities.
4a9155a4b7e5e0064087bb554e20c312f71b9305a572fb44142bbcdc6c4fc503The WordPress Daily Edition Mouss theme suffers from denial of service, abuse of functionality, cross site scripting, information disclosure, and remote shell upload vulnerabilities.
335a5efd918ad47de67d9346c79676913e0a6826499a0695731fbd09eb8af336Microsoft Lync 2012 fails to properly sanitize user-supplied input, which can lead to remote code execution.
61de4ae8908966fb99a4402d4a1ab26569054da13bd2adc7681cdd71ec499425WordPress Floating Tweets versions 1.0.1 and below suffer from cross site scripting, path disclosure, and directory traversal vulnerabilities.
66b5159581cff7c6e7158f2d4d68344064f524235219abbacb8b3267adfcbb35Sites designed by Avalon IT Services suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9d932dd366e09440b53d0f41543fefd4da9996d67d8226c4a4eab660c2ee97b3This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
4a0fb8aa0b393da39aa32b84a93368c9393fd500aac21eeb9e7f26dc757220b7This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This Metasploit module has been tested across multiple versions of RoR 3.x and RoR 2.x The technique used by this module requires the target to be running a fairly version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.
d099a77a1ca32680eece9ad884f4cd0bf31f1df58198575de5142cf570a88342Hero Framework version 3.76 suffers from multiple cross site scripting vulnerabilities.
4d0f44952295c2906ae21b003ed926cedf8f15614af2730d2fda474afa75b706Internet Explorer 8 heap overflow exploit with ASLR and DEP bypass that spawns a bind shell on port 4444.
b570320daa4262220db4c1f58d4fed98a833192b202f58d2311bc5bdd9a38d0fPHP Lite Admin versions 1.9.3 and below suffer from a PHP code injection vulnerability.
3a897b59d51cd8a739c4daecc9eaeca0a04ab42ea6f0efafd282a2f0a940c923Orange HRM version 2.7.1 suffers from a persistent cross site scripting vulnerability.
43e75c2701bb946a7b775501f76bbaf709ace8b9e0a562b83aed7b1e8a943f25SE46 from Cryptzone and Application Control from McAfee suffer from file handling issues that can allow for arbitrary binary execution.
efbcdf48625ce7bc7327f19051a636ea8f8e2c3089629f3de29c07c0d05ac2b9WordPress Gallery plugin version 3.8.3 suffers from an arbitrary file read vulnerability.
53fde8d2df0a47c183ebedd6f9ebbfca383484d402ee8eb3004bbbacb87a7f2aPrizm Content Connect version 5.1 suffers from a remote download and code execution vulnerability.
7ace198c0e8fe9862c5b068428b6d842af8fdfbe78822a19139d611c91c46320BT HomeHub version 3.0b has a remote vulnerability that can yield an attacker a root shell. Exploit code included.
c0d6d59e32c4113bf59bfc7217f3e658aad028ac4978ba276e451a4c3b03f97bThe heise.de site suffers from a reflective cross site scripting vulnerability.
8fd7c85439a605e446c8c2cf6fd876c19e8cd23e97fc67b703b2472df1e97294The uk.ask.com site suffers from a cross site scripting vulnerability.
d02dc9b5ecfddb689cf57fc6a9a5f0736bc0a3ddb1d2c85a32365d8bab49d534The www.elitepartner.de site suffers from a REFERER-based cross site scripting vulnerability.
3a5739370ac00677e8ce70c188395bb7f6a1ccc2940c8c4135b13a056e87a498Business Solutions CMS add administrator exploit that does not require authentication.
fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856This Metasploit modules exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed