Dewplayer version 2.2.2 suffers from cross site scripting and content spoofing vulnerabilities.
5a1f3f71d04579c9bfde14b30a8e91bf8855a69002dd690629da538ec4ef6754
Fat Free CRM suffers from cross site request forgery, known session secret, and remote SQL injection vulnerabilities.
e36735d125c4d5e421f622b4448eb7831f1aded7c14c184b6ede1eee0bf01c06
xBoard versions 5.0, 5.5, and 6.0 suffer from a local file inclusion vulnerability.
ea65a2314d43263c2ca2e1369ceedc90166a109931b14ab99de74043e36f9ae7
booking.qatarairways.com suffers from a Struts vulnerability that allows for remote code execution. The authors have contacted Qatar, but no one has responded or fixed the issue. It is being published publicly to help convince them to remediate the issue.
b48a16f763565d8b3796254051c67ef4cb6a511edc1d30e0f634b8ccf3e6a90a
WebPagetest version 2.7 suffers from a local file disclosure vulnerability.
57435b59f5fada7cf0b2b28770fccde94dfbd2552c0c550f09c2f9f521d61efa
WordPress Recommend plugin suffers from a cross site scripting vulnerability. Note that these findings house site-specific data.
84b4c1e890f3ce3a47c8b869c6f834bc2675ceec8fe10b8a9976a8f6b0467086
Zen-Cart version 1.5.1 suffers from a database backup disclosure vulnerability.
9061996cb9f8621ef614cb8cbdc9fe4527baec1b037503862ea03d28f3bad283
This Metasploit module exploits a path traversal vulnerability in the "linuxpkgs" action of the "agent" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier). It uploads a fake controller to the controllers directory of the Rails application with the encoded payload as an action and sends a request to this action to execute the payload. Optionally, it can also upload a routing file containing a route to the action, although this is not necessary since the application already contains a general default route.
ecc3dfeae56af0d7e8234b449d220c4c30764ffe2c2b2a098d22efcf89701574
This Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows arbitrary data to be appended to a given file using a so-called SLICEUPLOAD functionality, which can be triggered by an unauthenticated user with a specially crafted HTTP request. This module exploits it to append the given commands to /redirect.cgi, which is a regular shell script file and can be invoked with another HTTP request. Synology reported that the vulnerability has been fixed with versions 4.0-2259, 4.2-3243, and 4.3-3810 Update 1, respectively; the 4.1 branch remains vulnerable.
513af8fcad7f15ab39a785c35d338137aeacd8422cf292ee059738323ccdea1f
This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
7c1e06a8368ff3ba80da09ec39f138b29b87f7223b028687a6f1c5149cc3a95f
This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an authentication token for the admin web interface. This access can be used to achieve remote code execution. This Metasploit module has been tested on Zimbra Collaboration Server 8.0.2 with Ubuntu Server 12.04.
e41cf490ab9469ce31ade3e3bc8198d90c941e76e3bd760f92078a0dc9e99472
This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.
b961edaf771081e73dba11e81febc940689847d6bed6412bc6f0a4ad23ff2aae
On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overridden with a function that gets called from a chrome-privileged context. From here, another vulnerability in the crypto.generateCRMFRequest function is used to "peek" into the context's private scope. Since the window does not have a chrome:// URL, the insecure parts of Components.classes are not available, so instead the AddonManager API is invoked to silently install a malicious plugin.
f9c391aa7b550b10c8e9686f804da688eca5b3b20ea450df0a1b9e0dac71ac00
Synology DSM versions 4.3-3810 and below suffer from multiple directory traversal vulnerabilities.
baddc783cba3ba3012c1d9f37e58531b749662074b81d95266d64e6544b90e21
Leed suffers from authentication bypass, cross site request forgery, and remote SQL injection vulnerabilities.
5d7cef70be868bc4ba37188215a7df2faffb093a6b4998f815979327d8478874
USP Secure Entry Server suffers from a URL redirection vulnerability.
995509d4226fbde7623bf7db3c4f9482a0db97f34ae2b2c1d1ded1f9c49e979b
Avast.com suffers from a cross site scripting vulnerability. This was sent to Packet Storm anonymously and was reported to the vendor. The vendor has not addressed the issue for months so it is being disclosed publicly in order to shed light on the issue.
1c3a06c072fae66bc640f5b7d482bbf52f72ae43fd03ae40a890739e3abdc7e3
Easy Karaoke Player version 3.3.31 integer division by zero exploit that creates a malicious wav file.
6d06432f54e8ec7ac7db4d9cbb05a0800262ff09f5a802304ab7ffd7400318a2
HP Operations Orchestration Central version 9.06 suffers from multiple cross site scripting vulnerabilities.
1cce985e37ff678546bdbfc58d9240c9e77f144952a275bef85b1bd85a23cb13
du Mobile Broadband version 16.002.03.16.124 suffers from a local privilege escalation vulnerability due to improper permissions.
2c70f2ccec1017caae9ab7e58c850bf30dd22596312e63d647efc6b69e032bcc
MBB CMS versions 004 and below suffer from local file inclusion and remote SQL injection vulnerabilities.
398c2a077d4abbc969a441b3fd784add2425de7c3d23257f5dcdd5847b8a0415
Codiad version 2.0.7 suffers from a persistent cross site scripting vulnerability.
6fd396ea8dd173caabd6c81d45224dd5d0b1746c6bb28918a6904caa9714cd8c
Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.
138c669ee28a20c01fad95f2ddae01490a953b8043d0631d15f8c2f418a3d9c1
Song Exporter version 2.1.1 RS suffers from a local file inclusion vulnerability.
ea65da253d616e40f5ffe502874617705b1161d1a0b2f8c0e9df02a8b9936669
WordPress Persuasion Theme suffers from an arbitrary file download and deletion vulnerability.
2a70725a6c45899c35c6c0202c7202b59dda01342cecd7705353378bc1f85037