pfSense version 2.1 suffers from local file inclusion, privilege escalation, and directory traversal vulnerabilities.
a196c8dbe2940fca23547db68328ab1e0aa1e282b862808dd145f9ca266b2404This Metasploit module exploits a file upload vulnerability found in Simple E-Document versions 3.0 to 3.1. Attackers can bypass authentication and abuse the upload feature in order to upload malicious PHP files which results in arbitrary remote code execution as the web server user. File uploads are disabled by default.
6e99abeb1415d8df56dfb483b3ab125f1112848d4094f7b300a31eecd774a5f1Check Point Session Authentication agent version 4.1 and higher contains a flaw which is caused by lack of peer authentication in SSL communication. Encrypted communication between agent and security gateway has been introduced due to several issues which were revealed in the previous versions (4.0 and lower) of the product. Research showed that it is still possible to exploit previously known vulnerabilities - gateway impersonation and credential stealing - even though communication between agent and security gateway is utilizing SSL. Proof of concept code included.
72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46Oracle Outside In MDB file parsing stack buffer overflow proof of concept exploit. Affects versions 8.4.1.52 and below and versions below 8.4.0.108.
ce81c908b62ba0f0a213a1fc79baa758e7474a490afefa1a19d9ff684341f70bWordPress Infocus Theme suffers from a cross site scripting vulnerability.
72175cc3a0ba10815ddba1acc6812efb9bf950f993641bc2dc35d2e2ee6ad9bdA critical validation and filter bypass vulnerability was discovered in Mozilla Thunderbird version 17.0.6.
3d74d1a5a34c81851a8e11107c2b8d408b79754dd376c511ec93b10f3ea74f44Ability Mail Server 2013 password reset cross site request forgery proof of concept code that leverages a stored cross site scripting vulnerability.
9692e27e51f88fa2918af83e4e21c7ab7e2454a36da851bbf99a37aed1388af8ssl.bing.com suffered from a cross site scripting vulnerability.
37d160ce1d252a3d686efc9a22c7753044cf3ac7a500c95dae704ffd2fc6b168GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.
389df097f281daaa7d9dbb9c56c808dd4446da2ce103d5ebb8de28f30a998b7dWordPress SS Downloads plugin suffers from a cross site scripting vulnerability.
e7e32f80a9b115f22a4c04630e2287e8ec3e6d477abe62b6eeeca82b4b163304Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, remote SQL injection, and various other vulnerabilities.
d8e915c9f3da5e00522f2f5a23346a479926590b24a8d0c3da5e67600297bd00WordPress Seo Link Rotator plugin suffers from a cross site scripting vulnerability.
396ce83d6ac42563fd0a710f4db39ced9b30c7118dc539f7f1e5c4936c37f350SkyBlueCanvas CMS version 1.1 r248-03 suffers from a remote command injection vulnerability.
edb1dc8edd44d6d33407ec7f1003b2866b604f61799c9db86b8103a2b24694b3Drupal version 7.14 EventCalendar suffers from a cross site scripting vulnerability.
1f3e58de44388bcc99c04ff88aaf23d52abd1dac99f452c857af5d0c9f80660eMp3info local buffer overflow denial of service exploit that spikes CPU usage.
b5deb6a792d6a949d3e5e679490e6aa9c87258ed31e39e318f17e5babbae1e81pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.
b4febd30f5ce93221ca07adaa67509442b41b186e1b14b8debfe2154c84000b8JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.
05d3cecf7d59ce888a09043a4aa1af1988abd9d302ed9dd5da80c76ff2e50e0aAdult Webmaster PHP suffers from a remote password disclosure vulnerability.
5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.
1e0e8100901e6b54d82414baef8ff4d635720aa18959798a0e446a285227c175Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability.
d21d15fee1f16a152f0150eda5cc06010930d83f7641b7f52398505dbad2e7ebJoomla JV Comment extension version 3.0.2 suffers from a remote SQL injection vulnerability.
62a75319979a2ea2295519f55e7394ac65bbf8129d425fc67c56a24c882e5accSimple E-Document version 1.31 suffers from a remote SQL injection vulnerability that allows for login bypass.
9821aaf3544714230413b34fb96644bebcf27f01db5d4f83eb60bbb5a7d45d75Easy POS System suffers from a remote SQL injection vulnerability.
3790b82422dc9be079b7b09b1cad61a4832ad85eb8330671bd09b7127d6cf1b5Pizza Inn Project suffers from a remote SQL injection vulnerability.
f9bde7ca3b2a31bb0f1e5347f84dadaed0b1882477cdee7ba68fbaa7ab6c9b06godontologico version 5 suffers from a remote SQL injection vulnerability.
ed9c67c234ec933a605da421e78f117ffe73066ee2e7ea7e446a1b9a2232e288
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed