WordPress Bradesco Gateway plugin suffers from a cross site scripting vulnerability. Versions prior to 2.0 are affected.
0dc5dd6056d1e33ed43fe0e9d5a97c9ea97521368f17f778c62040126822602aDifferent Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user and modifying the inetd daemon configuration, this module is set to ManualRanking and could cause target instability.
349e9ccfce89a895bc88301a928728a68a24c672b6744b743b04b03f181ca743SolarWinds Server and Application Monitor version 6.0 suffers from an active-x related buffer overflow vulnerability.
841395a87d46f8aba7dd14551684fe16b9e3de8cd2cb1433a295058e36790214AspxCommerce version 2.0 suffers from a remote shell upload vulnerability.
8713bab6a79f7b5d50c2b8edad2fb8f4da89c6c5cd1a55ab350684bd6f34a372WordPress Lazy SEO plugin version 1.1.9 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
7e6392b31a7cf6905f01765ca48cb4eced37d1b642177cdae03946cf58c2ba14WordPress fGallery_Plus plugin suffers from multiple cross site scripting vulnerabilities. Note that this finding houses site-specific data.
c80371f254e0d3bfeab131b5f84077ce5fa288551f11fc15cd06775a35806a1cShare KM version 1.0.19 remote denial of service proof of concept exploit.
6e85084d4572fb736353c9fdeb36ef7ab48ef9213cf5e87654492ec8b0461ce1Joomla JVideoClip component suffers from a remote blind SQL injection vulnerability.
4781ffbb58c2f9b00a3104325ceee5ce0a84ef307ee9cccc745852c86fd96ec6This Metasploit module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup r11.1 - r11.5. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code.
9e93281c5a99b1786fc2fabf26e8375d1877b9b8ef741951fae3d0bad9d2039cThis Metasploit module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP version 2.07 server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP server log console.
aff42bc0d13d90c28ae3e11d84b0970e7da59f5d0794391bf2eda1629b411de3This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret (text cursor) object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field, and then we can force the caret to update in an onbeforeeditfocus event by setting the body's innerHTML property. In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write() function, however, mshtml!CCaret::UpdateScreenCaret remains unaware of this change, and still uses the same reference to the CCaret object. When the function tries to use this invalid reference to call a virtual function at offset 0x2c, it finally results a crash. Precise control of the freed object allows arbitrary code execution under the context of the user.
ee4538ddb8dd6f77e4bd70d5e7a430e46f6d5d7ff97a0c2c23d04883b7fb837eThis Metasploit module exploits a vulnerability mainly affecting Microsoft Windows XP and Windows 2003. The vulnerability exists in the handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the "Screen Saver" tab is viewed.
29aaf07dcb5542222f7a271a446b80f5ab4686dc9025e8ce1f3c8d7045454193This Metasploit module exploits an arbitrary command execution vulnerability in the GLPI 'install.php' script. Users should use this exploit at his own risk, since it's going to overwrite database configuration.
79ddcfadea6c138a29a453a0dc3ff975e1ac590cc8150a6246c57abfb76852b1The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.
5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99WordPress NOSpamPTI plugin version 2.1 suffers from a remote blind SQL injection vulnerability.
58aa4142de2233611890f47f72f2972f2c389dd1fa2abe3fb8100667a4fc03feMental JS suffers from a sandbox bypass due to the ability to still execute javascript via document.inner.HTML.
d3c1668d510834211878dda3ef864e35ccdb1c64178a379e9c6c843e14ba7119Monstra CMS version 1.2.0 suffers from a remote blind SQL injection vulnerability.
8f646b41ef7d6398179c427aec485dce9f11cf86266f17f63bfb8ccaea4a854cWordPress Comment Attachment plugin version 1.0 suffers from a cross site scripting vulnerability.
ee16f6f50293855bcd58cc0c73ac5efb633bd28634e6029c4580e4b6cda87866The customer service message in the My Selling Tools section of Paypal allowed for script insertion.
4fc0aab28d40e382320645dd2458e2851b10845c325983e88d3580f2925be850This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file, results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.
b6be92789311b465be99dfdca2d0ac2207f5eb8fd1d7de3d361ab48a8421df40This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.
153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74Ajax File and Image Manager versions 1.1 and below suffer from a code execution vulnerability.
31237d5de06bf26d9ad7ab55fd1d1c9458637ce9c4fee50f8d6fb5185bddb0d1This Metasploit module exploits a SEH stack-based buffer overflow in freeFTPd Server PASS command version 1.0.10. credit goes to Wireghoul.
9b1b3722c40ca89375f977802175807d831acd844ac69afb11a55ae6296de174McKesson active-x control version 11.0.10.38 suffers from a variable enumeration vulnerability.
eb5a347719e20933c95310d59d0af5d7d0a513bcbf2f6ec63b483b1c7dc9b822WordPress RokMicroNews plugin versions 1.5 and below suffer from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
ea1a5a7a7041572f9f1666622d7a30d7aaf1299bc892596fc238dd0d0c44d675
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed