TRENDnet TE100-P1U with print server firmware 4.11 suffers from an authentication bypass vulnerability that allows reset to factory settings or IP address change.
b7ef6475979c2c1961911c4513a6c54bf0f40d588de215f5dc1a34f2f4ef99d6The CyberKendra Search Bar script suffered from a cross site scripting vulnerability.
4a5361a17f69d745e0fb5aa52190ed508bceb7f198b3fd490a70d9e77ed8a4ebSami FTP server version 2.0.1 RETR denial of service exploit.
06d2037acbf61940eff3c2edc3b7de8a6750c62bc7165b179dd58aca0df3784bRemote root exploit for all Seowonintech devices.
595a7decdc3f52417856da361543526dde0357dd9c1d41fd0828e62432f3bfa8PEiD version 0.95 memory corruption proof of concept exploitation details.
d53ea6b79606c299c81e860d64d534a6a783b267cc16bf3fda88ca1114fd92d5FreeBSD 9.0+ privilege escalation exploit that leverages the mmap vulnerability.
a973c83e5edcbbb9daa0f1ee93d7602a34fc84b380f80b2f787c0b16ff88417aaSc Timetables 2013 suffers from a stack-based buffer overflow vulnerability.
456f8e6a3244e971ad39ce281111d3f8cbb2a46cb66c2ae86b5dc1c3ed95dbb5Mozilla Firefox browser version 21.0 suffers from a remote denial of service vulnerability when a loop is leveraged against document.write(document.body.innerHTML).
bc819cf7a43da917d125d0cfc0031789e76ca7137c00956f52a39dea1dcda135This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM. Please note: In order for the exploit to work, the victim must enable the 'tftp' command, which is the case by default for systems such as Windows XP, 2003, etc.
6266db27926cf39ef3e09f70d6ca685c96436473d8a501cfbd635527cd54d34cThis Metasploit module exploits a file upload vulnerability found in LibrettoCMS 1.1.7, and possibly prior. Attackers bypass the file extension check and abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
30ecd42376c5e4bb7dd7923719eb84398fa5da45f31326b369732ac687c9d496Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.
07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532Google Translate suffers from a cross site request forgery vulnerability.
12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.
bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9bMediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.
9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.
88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52eThe Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.
a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267Prestige Software CMS suffers from a local file disclosure vulnerability.
a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9This Metasploit module exploits a file upload vulnerability found in Havalite CMS version 1.1.7. Prior versions are possibly affected. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
caf2d6ad9662842ffd45e96d09bc069561d43e22364b1adc6736d0aee2a8406cGLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'users_id_assign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in 'glpi/ajax/comments.php' script is not properly sanitized before being used in SQL queries. This can be exploited by a malicious attacker to manipulate SQL queries by injecting arbitrary SQL code in the affected application.
d4ea648da5ce15f6a9a9ff70fced4a4c2d50218825a23a4be4c56ea5f0f90ee9FreeBSD versions 9.0 and 9.1 mmap/ptrace privilege escalation exploit that leverages the issue described in FreeBSD-SA-13:06.
33ab3cd2db81ca119a894609c3cbec29fc118789f6df44a99945d5cda231b71cGLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access.
8c549c03c6d7b7e06618844943413d35622dfba90639b3c6ac5e75b5a16e3a25This exploits performs privilege escalation leveraging the mmap vulnerability in FreeBSD 9.1 as described in FreeBSD-SA-13:06.
f4335d5441b706cb24ce9fb6b71366091edddbb0838d83d2cd1b69a4edab8fdfTP-Link Print Server version TL PS110U suffers from a sensitive information enumeration vulnerability.
d9a49fe63d706d493bab0eca559b24f7343fd3b17429368055b9144c891c110dMod_security suffered from a cross site scripting filter bypass vulnerability.
f2125bb4ab7692426d1789ea62aa804f599421f07fed6bc8474c3e45d715a2d3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed