WordPress DT Chocolate plugin suffers from a cross site scripting vulnerability in jplayer.swf.
ca76d61472f76097e13b9dc8f3d2445a0b57ee437e584cf7eeaa019947b86eb7Appointment Scheduler version 2.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.
c862a29944969863f0975fcc7d158a1e88bc1056d42e23427041ef26085170b4Car Rental Script suffers from cross site request forgery and cross site scripting vulnerabilities.
f875528451adbf590ff5d42e8db5528e9767054b64d9a39838371b6e8e9ebfc1Event Booking Calendar version 2.0 suffers from cross site request forgery, remote SQL injection, and cross site scripting vulnerabilities.
6e48051ca41d4a5840ce63add66a1bddb3bb21040e2895174b0a34fa26916171The piggyback parameter on ads.yahoo.com is prone to an open redirect vulnerability. Yahoo! addressed this by simply not fixing it and removing it from the bug bounty scope.
50c6a4f2d1b103f3063eff08517e16411735828edf4dfd0f56e57844ec8da341Conceptronic camera CIPCAMPTIWL with firmware 21.37.2.49 suffers from a cross site request forgery vulnerability.
c936953abc9b003cdedd3e88f2c0d79e0d4917e23725676c6212ee65de3ad7d4The Joomla Aclassfb component suffers from a remote shell upload vulnerability.
9d0fb8ff59906454f8f77b6cd1a8d6cbd5c42f068d8b4fc058718a4e32f3316fvBulletin YUI version 2.9.0 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
70b04ec197f8e63c02b7663b1a4b2d9d18521f1c0c32ac2e1970802272e3fc06This Metasploit module will cause remote code execution on several SerComm devices. These devices typically include routers from NetGear and Linksys. Tested against NetGear DG834.
9b733578aa9b9d3b0e314171f950e5b06d7e37d888dc961f586106abfaaeedecWordPress NextGen Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
2048dd3332f93135c9fa534a0d715495878f18701186d45dda32ab9eff032a79The Joomla Melody component suffers from a cross site scripting vulnerability.
6102f20c0e44aa4040f3c629757e685bd0741d329ca67792e2fd597dab8e54adBurden version 1.8 has an authentication flaw that can be exploited by a remote non-authenticated attacker to gain administrative access.
37b074fcfd1268b4c2a6f2caa51871c515255ca4a95d417dbb255ba1040e51e3WordPress WP-Members plugin version 2.8.9 suffers from persistent and reflective cross site scripting vulnerabilities.
385a5905db87d16b541ccca93a3f6fdc33d755988788c62aba7d2398acab7e99Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities.
c4a8ec5246cde659f575cae4546093150061579f6c6c6713fe4b0a2f20435884Eyou Mail System suffers from a remote command execution vulnerability.
9eb2afa048f0423a66d6d70e5d349f8ff7afc7986f519cce410651a890eb14ceEZGenerator suffers from cross site request forgery and file disclosure vulnerabilities.
0105ea969629a0b67c5dee553ed0d9e82c41961d40576436de6c749be569fa15CSP MySQL User Manager version 2.3 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
657bbaa377192ebc2eef6b897b2b4fcd8ece308cf0861143d569a083eff2e675Built2Go PHP Shopping version 1.x suffers from a cross site request forgery vulnerability.
c88f0c657889d78d03a3fe805274b562dc61938b49f2435de9ec600fbd7d9f55UAEPD Shopping Script suffers from multiple remote SQL injection vulnerabilities.
e6d58afc0a7ccc372d19bba4b96af7e5bca4d4f6d3b3a9bc0d6cb35b8f1f58edThe initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from userspace for emulating of old 8086 software as done with dosemu, was prone to trigger FPU errors. Closer analysis showed, that in general, the handling of the FPU control register and unhandled FPU-exception could trigger CPU-exceptions at unexpected locations, also in ring-0 code. Proof of concept code included.
c0d7b7b3940841dcb9f666f46a4adb35352ef1442a9a3e3f3fde132e5689e1efSpamina Email Firewall version 3.3.1.1 suffers from multiple directory traversal vulnerabilities.
c2e61c56d5fe28f5d6fee6b4c1a3e0cc6c2f56409908e471f9bd8fd501c9d352GetSimple CMS versions 3.1.2 and 3.2.3 suffer from persistent cross site scripting vulnerabilities.
673085354c1aa7a5d4988c8b7f096e0d825a07b9c4a4d58be0153ed65f72251dDredge School Administration System version 1.0 suffers from backup disclosure, account disclosure, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
eaa701db8fbc9aa704db6e8e1be81611fe3f74c47f614015cbb7b7a87085e20eMiddle School Homework Page version 1.3 Beta 1 suffers from cross site scripting and remote SQL injection vulnerabilities.
fcd3ad9c7685362a7f5ddb3ff01ea249fd41a62d27a1e24dce1b1576f9bd6707Command School Student Management System version 1.06.01 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f21fadfba66ed93c307bc2f7a2247cee0d8a016bcb82c7f40566e62dc5b4bc10
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed