Dell SonicWall EMail Security Appliance version 7.4.5 suffers from persistent cross site scripting vulnerabilities.
0cfbd724c69d47de7c17ff8278ec80b9408046b5efab05889637c9e367bece9dGummy Bear Studios FTP Drive + HTTP Server version 1.0.4 for iOS suffers from a code execution vulnerability.
b239f066427e1022589e0ecbdd1ac1858155184f9aae8a056e457651de06e2ebMonoprice.com suffers from a shopping cart enumeration and arbitrary modification vulnerability.
7b9f5cdc8364d0860d1cf8260917384a3a43ecb7c6e7ba1fc99e01b8224f6e12LinEx suffers from a remote password reset vulnerability.
569bcb618840b33281332aff7f027c187d8587d4ff30e0e14d3c71181a5ecbc3Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.
71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.
4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85Allied Telesis AT-RG634A ADSL broadband router has hidden administrative unauthenticated webshell that allows for command injection.
e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51caVirusChaser version 8.0 stack buffer overflow exploit.
6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101eCouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6Cart Engine suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 3.0.0 is affected.
96827d831045ae34ca4e250341d2bb5d34d2c393b7e1b2c30722378dcbb33018Cart Engine suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected.
e6438c80cea51cd67f5b475b75797244bde2786c6699715eb2d377adccfcc5ebCart Engine version 3.0.0 suffers from a database backup disclosure vulnerability.
c7cf38ab11e6169d1cc1ba8f453fe47dd8768354389975edf2b1d86f00798b8aKemana contains a flaw that is due to the 'kemana_admin_passwd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information. Version 1.5.6 is affected.
a05a7aa326979bff6b52716919249f5f27c6dfe85a75b89136e3a0640f8527f4Kemana Directory suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 1.5.6 is affected.
0a9db43d181684d4b67300a7a8625d1771c50ac3101d708a1e0875bb7283adffKemana Directory version 1.5.6 suffers from a local file inclusion vulnerability.
8280cb54fa2414d97ddda5ca6dc643d446370afef4e1233e02d3910a6f6a12ceKemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability.
b881b2ca8151d4b9ced7f6b0bad082ecdb8a0d92afb40a6cb9b480ebe7e085d5The CAPTCHA function for Kemana Directory is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. The function 'qvc_init()' in '/includes/function.php' sets a cookie with a SHA1-based hash value in the Response Header which can be replaced by a random SHA1 computed hash value using Cookie Poisoning attack. Successful exploit will allow attackers to bypass the CAPTCHA-based authentication challenge and perform brute-force attacks. Version 1.5.6 is vulnerable.
0bbff6971475a515bf53c4adad31d393da5d381a7dab0bd0af11b3b1eca540c9Haihaisoft HUPlayer version 1.0.48 buffer overflow exploit.
312f190b56156e4a5cc161186004f6f6ab66d996805794fdfcf9a134f23fdba0Haihaisoft Universal Player version 1.5.8 buffer overflow exploit.
1eb1a1c521bb6b91b7db8e8b5979e0d6f55e3c47414fda473f5fffc0a00327afOpenCart versions 1.5.6.1 and below suffer from a remote SQL injection vulnerability.
703149d4078abdc95ff0f473bd181a93a4f3386cdce4320a2ca8744e981ee3f6This Metasploit module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
e0371216c7f1d8860897ca9e5f3d083fc1371c2aca741321b8cb6ff295f73dbfInterWorx Web Control Panel version 5.0.13 build 574 suffers from a remote SQL injection vulnerability.
afe204bd4b2997915e002624fe94d4bf76d844faa9571607108500b7840dbc16EDITStuff version 6 suffers from a remote command execution vulnerability.
06f370fb97a0e7da39a9a0cbebd48d7b55eb97d5f9bebf21fd64712e2f49061eiThoughtsHD version 4.19 suffers from cross site scripting, denial of service, and null byte injection file upload vulnerabilities.
b199b6f0f1f8a2eca6898cd60ae8f911d2ac84d212c86fb60f88639298107746When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent).
efca4edbd5362527ab761c155c785c794bfe447ad8520c997f75d88b0393b019
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed