Free Hosting Manager version 2.0.2 suffers from a remote SQL injection vulnerability.
4295a00581caeec06139b95b1fc60c8ee276284817c2324aecfcae44f23330aeThis Metasploit module exploits a vulnerability found in KingView <= 6.55. It exists in the KingMess.exe application when handling log files, due to the insecure usage of sprintf. This Metasploit module uses a malformed .kvl file which must be opened by the victim via the KingMess.exe application, through the 'Browse Log Files' option. The module has been tested successfully on KingView 6.52 and KingView 6.53 Free Trial over Windows XP SP3.
a222e0dccc97deceefae4025049d3943429ac06345a09773afe5955769586945This Metasploit module exploits an authenticated command injection vulnerability in the Mutiny appliance. Versions prior to 4.5-1.12 are vulnerable. In order to exploit the vulnerability the mutiny user must have access to the admin interface. The injected commands are executed with root privileges. This Metasploit module has been tested successfully on Mutiny 4.2-1.05.
1fad7a31c0a752bd14f7e1935025f6ba0a7fc35ef4c925b7202c07a9fca02a4aLocal root exploit for Mageia release 2 (32bit) using the sock_diag_handlers[] vulnerability.
583f10c762d370ddd5cd3c44ff64334cc20eb9b077d18cc3b9667645a0e13222GnuTLS libgnutls double-free certificate list parsing remote denial of service proof of concept exploit. Versions affected are 3.0.13 and below.
cdefe8cbc7db61295ac1d863eda74e91643144878d48831d727a329a03ac2ec2WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
4eef48563f974167e0475f2ccc99c75e0be7d32fa173da8022968e93ced51a37WordPress IndiaNIC FAQS Manager third party plugin version 1.0 suffers from a remote blind SQL injection vulnerability.
3d1a884edc47b4a97429ba801e284ca9de542f09d510a7f8693e162902fc8430This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.1.2. This issue is caused because the ParametersInterceptor allows for the use of parentheses which in turn allows it to interpret parameter values as OGNL expressions during certain exception handling for mismatched data types of properties which allows remote attackers to execute arbitrary Java code via a crafted parameter.
e56bcff70dfc308ffd717452aab966d54c1fdec14e8544d8df4198054ba401b9LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability due to not using a secure channel nor digital signatures.
0fd0fd152553fcde204b860ae9af883db4511e308c44f058a80c84db259f2843EastFTP Active-X control version 4.6.02 code execution exploit.
47eaaf588524ad7407e7c1eb004c09636584ead0b6cece7bf2405b531a30fe71This archive contains proof of concept exploits from Security Explorations. They waited for over a year for vendors to fix the issues in various digital satellite TV platforms and were ignored.
226671de37e4d85a2d62d0df29ac823cb5ba7b68f552e3d574a8e4642dcc0a49The TP-Link WR740N Wireless N Router network device is exposed to a remote denial of service vulnerability when processing a HTTP request. This issue occurs when the web server (httpd) fails to handle a HTTP GET request over a given default TCP port 80. Sending a sequence of three dots (...) to the router will crash its httpd service denying the legitimate users access to the admin control panel management interface.
cbbd0a53dee5bb6b847b2838e2927422d0cb6a346a1da9cd0b99f3e7270507f5BlazeVideo HDTV Player Standard version 6.6.0.2 SEH buffer overflow exploit that spawns calc.exe.
9ce87967f87508842e8c3d72a010fd4c0fd87459ccdad80168c5778fa1f745e8This Metasploit module exploits a stack based buffer overflow on Sami FTP Server 2.0.1. The vulnerability exists in the processing of LIST commands. In order to trigger the vulnerability, the "Log" tab must be viewed in the Sami FTP Server managing application, in the target machine. On the other hand, the source IP address used to connect with the FTP Server is needed. If the user can't provide it, the module will try to resolve it. This Metasploit module has been tested successfully on Sami FTP Server 2.0.1 over Windows XP SP3.
f2ce755b550afa23d41b892e96930bfc4c6426f8a8a9869ab6859d2655918b0eThis Metasploit module exploits a stack buffer overflow in Cool PDF Reader prior to version 3.0.2.256. The vulnerability is triggered when opening a malformed PDF file that contains a specially crafted image stream. This Metasploit module has been tested successfully on Cool PDF 3.0.2.256 over Windows XP SP3 and Windows 7 SP1.
b2cb27956204683b3f3b2b5177e1be282a14b7dbbf83dcb82f490a969c5a32f1A local privilege escalation vulnerability has been identified in Photodex ProShow Producer version 5.0.3310. Insecure file permissions on the executable file "scsiaccess.exe", which is used by the application service "ScsiAccess" under the SYSTEM account, may allow a less privileged user to gain access to SYSTEM privileges. A local attacker or compromised process is able to replace the original application binary with a malicious application which will be executed by a victim user or after a ScsiAccess service restart.
d3fa045e2673851c540274839e21d86b9ded844acad5b02695a52999b8f3dffdOpenCart version 1.5.5.1 suffers from a directory traversal vulnerability.
d4fb0138400954a2ffd3deaf9aa1b199b065826234b68bb121e49aa9e20d7686StarVedia IPCamera IC502w and IC502w+ version 020313 remote bypass username/password disclosure exploit.
b2e1e754ab46c85bc8c173378b2b272899f11b8f2b489f6d503525cd01b556aaVerizon Fios Router version MI424WR-GEN3I suffers from a cross site request forgery vulnerability.
0e3be0fba9127a1712cac4a67d60193e76d579ee1b98d581303cf603e867e082WordPress Count Per Day third party plugin version 3.2.5 suffers from a cross site scripting vulnerability due to trusting REFERER headers.
0064257fd5c4d757e56218fd6d6ad15c26c04eea4bedd1cd48f176df11011a09WordPress Occasions third party plugin version 1.0.4 suffers from a cross site request forgery vulnerability.
9065b612a6814f4c3c807c0afb6fbf138b3642c802701417b8dfe94ebb4827a1ViewGit version 0.0.6 suffers from multiple persistent cross site scripting vulnerabilities.
20c97073d97750300a2356a5164432b210fc3c10d3b8e7ff551f05ed56a0236aAn information disclosure vulnerability existed in the official Chinese PayPal web service.
0819e22b013abdf36efcc169f5458257ea767fb462ee471e8c7f3ff0ceb5cc22Ruby Gem Fastreader version 1.0.8 suffers from a remote code execution vulnerability.
89b87fccb71d43cbfd06695564eb38fc2b65d8c3efba57236545d8452c11b607Ruby Gem Command Wrap suffers from a remote code execution vulnerability.
28a0b4a6c633d5625d572416f7ec1b3eca1a2045358cc07c0078fd6cd2d57065
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed