Apache Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to authenticated users, but will return all User objects in the database given the correct query. Versions 0.11 through 0.20 are affected.
0fc0f4d0dcf747beda3059f5ac91c70414ea7169915d9f52f748260badb8a8b5Web Cookbook suffers from multiple remote SQL injection vulnerabilities.
74eb1ad64b0bce3e3791e0693f15a1c7c3d96dee667109bbba5c77d600b03146Yandex xdLab TagScanner version 5.1 suffers from a stack buffer overflow vulnerability.
e693f08c846eafa2d28e63c5d1b289cee7c19b70f6f1ed43ea8bdba4743dc36aThe PayPal Portable Store Front widget suffered from a cross site scripting vulnerability.
7300da6ef827e8502849d57a847fcb00022ac5b9910f43357bb2e9aaeeb37ec2Cam2pc version 4.6.2 Freeware suffers from a BMP image processing integer overflow vulnerability.
b1cf810934a520037613b1ade4af79ae169021363455268874990d40afa27bb8This Metasploit modules exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with HoneyWell EBI R410.1.
1f3cef2a50e87d41ca54ec3ec66187a9eab588ff63fb1178c75bc47d21f21a3cLocal root exploit for Ubuntu 12.10 64bit that leverages the sock_diag_handlers[] vulnerability in Linux kernels before 3.7.10.
8cb1664fe3e4114405f60c70992efc4583eb8c783e92650a7895c3f8aa6712b5Privoxy version 3.0.20-1 suffers from an authentication credential exposure vulnerability.
64df167b1234ce7ef9560ad0dec948e6b6b51a7112712080b8c1c40e0cebdb89TinyMCE version 3.5.8 suffers from a cross site scripting vulnerability.
f8c9ff61aa722eff9d8b70db05c7eb7538744c819d92adc412486e43a0c64c31Asteriskguru Queue Statistics suffers from a cross site scripting vulnerability.
ca70d68877f3107fe540b91c1de6b16259fb738161d4b40961cb1d369d0785c9KindEditor version 4.1.5 suffers from a remote shell upload vulnerability.
d88c733d219132a2b1ee32a692f47acc95782683a3c055cf97d79c82150148cbPHPBoost version 4.0 suffers from shell upload and information disclosure vulnerabilities.
57a0ed69df2dfe6a08556e979aa44517e786e8aafe00b57724d89f4f48485e75LCG Disk Pool Manager (DPM) suffers from multiple remote SQL injection vulnerabilities.
c09db0699a877aaa44c50f0e0b466403ccf2000c38640bf54a52c32b5d1f0385WordPress Terillion Reviews plugin suffers from a persistent cross site scripting vulnerability.
62684a3baca42139d0e32dcec4e3d4b607181140aeffe213e63ac42b45039168This file contains multiple cross site request forgery proof of concepts for old issues associated with the D-Link DAP 1150.
1ce4b9cbe4f534fbae4789b1f32592413776835b37addb31f2b0d689d734ecd4McAfee Vulnerability Manager version 7.5 suffers from a cross site scripting vulnerability due to improperly sanitizing user-supplied Cookie values.
566957c0cfaab8f9b783af3bdf8496ff6eb513ff719e2c486f97028c19b84632This Metasploit module exploits a directory traversal vulnerability that allows arbitrary file creation, which can be used to execute a mof file in order to gain remote execution within the SCADA system.
cb4ca7e2b6ed001985ac60257eb7224986eb62545c9d0e35bf5632761adc890bThis Metasploit module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer allowing the attacker to control where data is read from. Shortly, following the controlled read, the pointer is called resulting in code execution. The vulnerability exists with a group number extracted from the CNCT information, which is sent by the client, and whose size is not properly checked. This Metasploit module uses an existing call to memcpy, just prior to the vulnerable code, which allows a small amount of data to be written to the stack. A two-phases stackpivot allows to execute the ROP chain which ultimately is used to execute VirtualAlloc and bypass DEP.
7de29ccbc4fc0af57c3834340b87fbe2ce27419e8888190bc1a4620767590552This is a demonstration cross site request forgery exploit for Question2Answer that also takes advantage of an insufficient anti-automation issue.
e8a626660486f464fd58c9ab8052bbb89a6150a1f60768dade0cfcad6e8669e4ALLMediaServer version 0.94 SEH overflow exploit that spawns calc.exe.
581d11bf437584999c610e53bfc9f899cf4e9ab8f2b4079740da0b9dff03d908Google Fusion Tables suffers from a cross site scripting vulnerability.
c519dac8f756067d0fa8add23bde2f82d6721b4e72018779151d20aa116ec072Corel Quattro Pro version X6 Standard Edition suffers from a NULL pointer dereference vulnerability.
2175709f7a6a472e1af99f68d9a7e4070f1f9f784793aab30da9105ac0d83ee5Corel WordPerfect version X6 Standard Edition suffers from an untrusted pointer dereference vulnerability.
8832b3303002c58c42ba8a6647668b520210078b09fd600c76f27e5f6abdb855MLS Property Finder suffers from an improper access control vulnerability. Note that this finding houses site-specific data.
bfe705a9600eec5c7967a56b122c9365f0981b9776ce2992d7d4575f6eaaa5bdYour Own Classifieds suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
e786093e3303c069a9fedd85ac436abf93cbe3ccc5bf77ce4365711adb19c1e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed