Nagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.
e554055ae18cd9fe6bcd14421d423114eca4f1e47b88e319df4e7a81bb4acf86The Samsung Galaxy S3 w/ Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.
f859a2a4bfd30be0e55663fe5c258853b5ad3a563064a6354107e8e25a8fc7ccSkype Community suffers from a mail encoding vulnerability that allows for cross site scripting.
f875298ab79c2bac8df467b2c5020347cac0994efeb657b8bd749495b90c5e33PHPMyGallery versions 1.51.010 and below suffer from cross site scripting and local file disclosure vulnerabilities.
20d47589fda76b6266aba44c1e813c04372ac15ad0236197863aa8da862bb577Web Cookbook suffers from file disclosure and remote SQL injection vulnerabilities.
190be9195cee32cae8fedc09d268ca560d5320e5f2cff88ab751a247c7d6146bOpenEMR version 4.1.1 suffers from a cross site scripting vulnerability.
2794e272098c49fab5ad0608f9d0bb8abb46fa3cfb850da04587f0f744cfa619EasyWebScripts eBay Clone Script suffers from remote SQL injection and CRLF injection vulnerabilities.
b043a94f844af4460c90d1bbb5fd0e0f1838373d2498784f9ce3b6c6d0231de2Alt-N MDaemon version 13.0.3 WorldClient and WebAdmin applications suffer from a cross site request forgery vulnerability.
7254dc66cd6fba6e9a6eb7e9d46b3ad55c8a16813b7770255f61f633561438bbWordPress Pretty Link plugin version 1.6.3 suffers from a cross site scripting vulnerability.
0bd94f72723b7408dcb28b0101289332e56f5ec23c7de0a8015324251cd66bfcThe Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.
92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883Alt-N MDaemon version 13.0.3 suffers from a cross site scripting vulnerability in the email body due to a lack of sanitization.
7325b220864d0b6ff380a077b29aa8c7293ee9eaa3cbb5bbf03f8dd6edefd13dThe Alt-N MDaemon version 13.0.3 WorldClient application suffers from a username enumeration vulnerability based on responses provided.
88ffc39eb1145981a8577ef2cd3a701922e79b7e248031243a1d54728446a564The Alt-N MDaemon version 13.0.3 WebAdmin application suffers from a remote code execution vulnerability via the user account import facility.
b1e0f846c97665c28984ae715b8e4178e351676b7e1aef82d5ac59c0302500d2The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a credential disclosure vulnerability. This is possible because the application replies to a request with a response that contains the credentials in an encoded (reversible) format.
5e526cfd34acc8dc5cebe4e940c88c797073c12adce735bb8dc9adf90132aebfglFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities.
6306b577c5a62df9e36abe88ce8b0307d8747c5119f8cf35f07026923b542faaphpMyRecipes version 1.2.2 remote SQL injection exploit.
48cf9d477ec7a80c51ed5ab37dd272196f3a99397e30828b2d1164825dd48df9RTTucson Quotations Database Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cdcaa384c92df2bf334a9b66417054e96b8f61a54b8d21f9c18d3692cc3dc645Zenphoto version 1.4.4.1 suffers from a remote blind SQL injection vulnerability.
d966ea31e8b17b2b96cb9927385cb3b427eac99bb64c3cc081daaa582daaf212This Metasploit module exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF request to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 over Windows XP SP3 and Windows 2003 SP2.
fd7a317c230213f8edc299a76b9d39aee9e244cbb2a205aa46a90b61823d7feeThis Metasploit module exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows to make unauthenticated file uploads through a DUPF command. Additionally the filename option in the same command can be used to launch a directory traversal attack and achieve arbitrary file upload. The module uses uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of BigAnt on Windows XP and 2003. It has been successfully tested on BigAnt Server 2.97 SP7 over Windows XP SP3 and 2003 SP2.
dc87880460e34e43169ec0e0613b958641d3dd6f47c0902d800d64b756f31d6eThis Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.
09f5efca41c484db706376ef3dfea164467c56c4d486e5b9040b98c0af8c332aSquirrelcart version 3.5.4 suffers from a reflective cross site scripting vulnerability.
a46543a8bb0ab278d3990bfe150c544ddc8dd309411ee1a9c232ac64cf315571YAML, MultiProject extension for Trac, UserCollections extension for Piwigo, TAO and TableTools plugin for DataTables plugin for jQuery are all affected by the cross site scripting issues discovered in ZeroClipboard as they include the swf.
d81a83c614cfc84ec66ca68b939dab7074dc98d401693f0c5c6943182dcd0229Kodak's Insite Creative Workflow System suffers from a remote SQL injection vulnerability.
dfd8885731a743f54a2b98717b42b9119da28cb80197e4c3bcd619044a40a31fMyFi Wireless Disk version 1.2 suffers from cross site request forgery, local file inclusion, and remote command injection vulnerabilities.
6ed86f1279f3c02e7df43034482ff6bf89be0c4ffd9b21dc08e458c3678096fe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed