Rebus:list suffers from a remote SQL injection vulnerability.
346eae0666cf8b6d57c06d6863f4273a4dc4aad8a7f734a187ea2a43318b2d8aThe Joomla RSfiles component suffers from a remote SQL injection vulnerability.
878f37ba2d41f24faeb5ec2926a1b3e8e8e8dae83c8e76e91355b9fa3d139eadWordPress Simply Poll third party plugin version 1.4.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
ddddad68953e748aca3717d171b456e43176604fc0cffd022c7d37a8ba52922eSami FTP server version 2.0.1 PUT command buffer overflow exploit with DEP bypass. Written in Python.
8159a50021210d0417c9c4dfb1db9a6b41e41225e88e15e69485e9a6794eb4d2Scripteen FunPhoto Mix suffers form a cross site scripting vulnerability.
e8c7ce5534c56e058f80854b0ef2e32456a54d16c50b0b3203dd20fef2710264Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.
8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3bA simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.
c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.
eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
dac44b7efab3b59bb2bece48236156df6cdf384dff8f1629a610c458be0fe847The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.
d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0fThe Polycom Command Shell can be used to view and also change several settings of the system. However it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables respectively which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.
162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606beSome Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested in a box with the next features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).
08146370ff7e87193e0ac650501ba578d139728fdb5da79083867c3d68983b6cWordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided.
a3e13cf6b95a3336ab25ac8195f16b3844e2f53413a7db2fbea7d99a9a980665Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.
4d7c27491eec42b373a976e3e8c93b8036534ebe80480c62b3a9c04bc029abf3Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.
922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62A confirmed security vulnerability has been identified with 30 high traffic web sites owned by QuinStreet. The vendor stores database IDs in cookies which are easily spoofed (USERID_COOKIE), allowing all user information to be accessed.
12c6c5deb30c5b87678c3f751877699e042013d41da09a3c32d7c0543db5a1a8nCircle IP360 version 7.0 discloses the LDAP password in cleartext in their HTML code.
65936fc21494ca5ba065730abc8ffc017c2866821962e6b47e4b86851827acdfClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
a568735b6f3205c221aee116bd737215c0b537dd6bb646bc342ef61168392866Cisco Video Surveillance Operations Manager version 6.3.2 suffers from cross site scripting, access bypass, and local file inclusion vulnerabilities.
889a7c95fe9ba307b4476548a140238036f8459886d5305efa04819e7fdd2104Open-Xchange version 6 suffers from cross site scripting, local file inclusion, HTTP header injection / response splitting, missing SSL enforcement, server-side request forging, insecure password hashing, and file permission vulnerabilities.
8be9974c5b91f42a1ca77eb417301430aea4147dc0179c425ee43fbe9ef5c36eLocal root exploit for Fedora 18 x86_64 using nl_table to leverage the sock_diag_handlers[] vulnerability.
1ab629c5ad74a701d6a87ea1e2c30d5f307d18d3171c1f44adb7736878b5c4baProof of concept code that demonstrates a stack-based buffer overflow in the Linux kernel SCTP_GET_ASSOC_STATS() function.
588169341383534eb48214aef23de1ecd3b8f43f820fc7090163879acbcb9dc3Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization.
c96fc864359b4f3b2f30998551d780075c8307fbf1c24791422f696b650146efRuby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization.
f3b4827a94b047303ccc02b88c3f74c2860bb4df87e899281dfb759760495123Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization.
1fab775f0aafbbbde6c3e31e5072977d382d54542fa209d3fc109a74349d293a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed