No-IP Dynamic Update Client (DUC) version 2.1.9 local IPaddress stack overflow exploit.
d37f68df0feae30fd4f0742a92e2ffcfdbb4d706c4e46c547094476dc7da8c57Wireless Disk PRO for iOS version 2.3 suffers from local file inclusion, cross site scripting, and OS command injection vulnerabilities.
8c9fa7e150f986c6a90d6b0747b41531d91f172928407e37e6d43c8c942d164cAvira Personal appears to suffer from a privilege escalation vulnerability.
eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8aPayPal Community Forum suffers from a mail encoding script insertion vulnerability.
f3775abd1f85cbc873545bacbe9965859b3ecc6e9a7482c285f0304e9fb1cb5bWordPress Search and Share plugin versions 0.9.3 and below suffer from cross site scripting and path disclosure vulnerabilities.
d3f719826cc457e3ab50d980ad4af6a0ee7713b621aca27072a59e42c82c49abWordPress Securimage plugin version 3.2.4 suffers from a cross site scripting vulnerability.
78e5ebebeb9ae585297520432443259b68de5fd5982df5f0a234decfca3ca168Lan Messenger version 1.2 suffers from a buffer overflow vulnerability.
5cb457c623df5ba754d6e21eb829eba1a7d60b5a17ed00b9f696fc8e72589070This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
07e4fa901be9cc50c8930727a69a8c8e30098c5150d37c5a93fa5928c0123236This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.
9c4b5e90a96b549626431074b175b223177580d1d90db57236152e6e60113583Securimage suffers from a cross site scripting issue in 'example_form.php' that uses the 'REQUEST_URI' variable. The vulnerability is present because there isn't any filtering to the mentioned variable in the affected script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
743f9fc637708cf172570cb700ddffe5481bfb59d99d052f41f7beceae996239UMI.CMS version 2.9 suffers from a cross site request forgery vulnerability. Fixed in version 2.9 build 21905.
1b0e4d26dfa1a21c5dc4f029c8a2dc7ada712c3e42ede3f39bd6f72be600733bLinux kernel open-time capability file_ns_capable() local root exploit.
583714d753055ddbc2d0a4f4fd1aff410063e0daab0edac84f23b58fa33fda67AlienVault OSSIM versions 4.1.2 and below suffer from remote SQL injection vulnerabilities.
edf35d0b9315cc82230669af31e17a817456a6ac0929e244282a0af64f6ac336Joomla DJ Classifieds Extension component version 2.0 suffers from a remote blind SQL injection vulnerability.
3703cc31e5f10951bfd6e5534ddd70a4eaffe8cfee40eca7999ac64d25de08b6Flightgear versions 2.0 and 2.4 suffer from a remote format string vulnerability.
32b08be14ae9527b5ab40a98a1edc92b19a1f00ecc1b968542c6f8b64d1e37f0Brother MFC-9970CDW Firmware 0D suffers from multiple cross site scripting vulnerabilities.
3420f3b475a358c1a02b1bf5b99838fcee8f5ab5d58b149eb50a76ae057e4a0fThis Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll where the function ERM_convert_to_correct_webpath handles user provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.
f08aa677e4bbe773f77b4590e3bc7bcc07a3ecbc53b0cb2b1479169e8de33890Cisco Linksys E4200 firmware suffers from cross site scripting and local file inclusion vulnerabilities.
59820449af959f72e12353106ed7dd3292754025d1b09dccf9477170e26b0b2eOpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.
09a561eea3e2a4cf7a0b605a95ace0f35855e1d5dc113069e4c7516091aab7e1Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities.
4036c3b54a9386a38fb0387988ef8098b48eb2d63998f2fa2f7cfbf8ad120412MoinMelt remote arbitrary command execution exploit as released in HTP version 5.
57a4eee9988f535e79cf25e3113013c4894c962158793e8fa7a2a42a01d07190ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.
7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4eNetApp onCommand System Manager versions 2.1 and below and 2.0.2 and below suffer from cross site scripting, file inclusion, and OS command execution vulnerabilities.
c03a185c7bd69fd181b1a14ec856e4d335a0da6e6ea530fcfec62dc71fd11947Drupal Htmlarea module version 4.7.x-1.x suffers from a remote shell upload vulnerability.
78f77867a46c4aaaff7aac7994d6a185897bc9f0853cd50e089fc3b01fb28d09Craigslist Clone Gold suffers from a remote SQL injection vulnerability.
f54dec94a7742199481341e8ad792abf58d3234159c8418dbce4610386e3bbde
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed