This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP.
10fcb5c8d675a721b05ed3e69363ebeb92832f95ef6672333150a8c4b295da5eWebTitan version 4.01 suffers from remote command execution and directory traversal vulnerabilities.
31bb563ba45d9f1705203ffe533103b28d9455039d7f5594f6e0b5ff6584664bThis Metasploit module exploits a remote command execution vulnerability in Unitrends Enterprise Backup version 7.3.0.
990dbbca3608cabc6a86f28a9fb4e995a70d4fd9ca01cb2876fd6e886b835ca0Xerox DocuShare suffers from a remote SQL injection vulnerability.
359f347609e558ed6a4327b3bbf7312d0184b8b8950c198fc1929251921926e2clean_html in the lxml Python library can be bypassed with non-printable characters.
02b53f8cf39d78b7cfc1a5dbfd140961829e4754c5270a979f371e2ff32c11abThe Joomla SMF component suffers from a cross site scripting vulnerability.
691b1558f44036aa412a16d9d48319a2e05b950926b8f7adeb1cb8762a312014CMS iCAT suffers from a cross site scripting vulnerability.
4142a14039d875db3d4ba2aa458084220881ad8db02fefecb3781d62981f9bd0Joomla Wrapper component suffers from a cross site scripting vulnerability.
45596ee0e1e9bf3db9bb55c44f5aa93c0ce3579ef1b14446af9a10363d6940fcNetgear N600 suffers from password disclosure and account reset vulnerabilities.
3aa397170870ccd6711672cb816baf59707da906443dc86626bdc573625d75d9PDF Album version 1.7 for iOS suffers from a local file inclusion vulnerability.
66cdcedbd04920c8a4ed864f320c034c8c3f3060a833ede19baee91c2c19bfadIt has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 9.40 of HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux are affected.
4616ed05d73796339b56863cd74126065f2db7cca61db513f69ee6a4dd874c0fIt has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.
d7bb7e62af377661d9e0fc40ac344b19949122236037b9511fb75a879d085addMicrosoft Internet Explorer CMarkup use-after-free exploit that demonstrates the issue documented in MS14-012.
c372cfa21ed6ed039af78c69c1242e4a591d2b3c923280149f5e686dbcd28be0The Joomla BeaconDecode component suffers from a cross site scripting vulnerability.
246d3ac6ff9bedeeee5714e263d3feeb085e0567311d93dced373fa7355869bcPHP Event Calendar suffers from a remote SQL injection vulnerability in day_view.php.
f2e5f97ec1c421bce7a7e7d28f1d98f1baf6873f75e6a7451aeb4db0d150ce4eCMS Int24 suffers from a remote SQL injection vulnerability.
d12be2741add1e1a5e5b7ab2f2cb8532476008dddec78fc15faa87b5ee7f608bWordPress LineNity theme suffers from a local file inclusion vulnerability.
36f6fffb4654c309248b74d286caf14ff027a0fafa757ba8eff1770f03237d7bThe Joomla EWriting component suffers from a cross site scripting vulnerability.
b0cbc36bb25288d02b019c76fd7c07d44954053ac3c4c5ec7a9116d986bf13feAdobe Reader for Android exposes several insecure Javascript interfaces. This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card.
741530d92bfaf4da803497f453dc0837b679b2a5894ee4de6911a114130250c9Sites developed by Madss Software Solution suffer from a SQL injection vulnerability that allows for login bypass.
071795ced008f1a2f8f7e0ed76fe71e5dda73f79782ffcf4c433c1e224510537PrestaShop version 1.5.6.2 suffers from a cross site scripting vulnerability.
a714c52feffde30ef61bd922b3d4fe052b8aff802397ee53a6e5999e0a7e5303Plex Media Server version 0.9.9.10 suffers from use of plain text protocols, insecure use of SSL/TLS, unauthenticated information disclosure, and cross site request forgery vulnerabilities.
3e1cb6d955b6c33349b4369cc89ac45fd2b1365efadc1a8d845bde2d9f7310d6WordPress Quick Page/Post Redirect plugin version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
543d850e6bb8f1097ef237e3be4e4595f53890211e8adf65315339525e89497dThis Metasploit module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to get root privileges. This Metasploit module has been tested successfully on eScan 5.5-2 on Ubuntu 12.04.
be98f3a46fc9d7210a97e0f50b3bd1ba9ebef9cc6d3e9b5455d3e8e5c69531c0Woltlab Burning Board 3.9.1 pl1 suffers from a persistent cross site scripting vulnerability.
c5eca7aae45c7ecae901cc7a0eca5177eae979828c7eba201eabe71ece3f5c26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed