ClassAd suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
02a2c0b255ff4254797f868e19ff5ad1d09521aa1ffc45f92f2aa33e8a00bbefSites using Flying Cart suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
94e71e6c1f57749ac86022d71ebb2690578d7642017877347bfa8c2e2f9cfb4ePerseus' Java Hopper suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
1a952079b2e021364160e3158865b9764b672b7331c8c743654ad542bcd9340bThis Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
cb1b416c6a81192072db5387c939127cc89639e3ba035c140a68125e64bbc407AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.
cd63ce9472faafdf4e2e783946b14d6f167f018ab91f2599cfb2ebd6900462a4SafeNet Sentinel Protection Server versions 7.0 through 7.4 and Keys Server versions 1.0.3 through 1.0.4 suffer from a directory traversal vulnerability.
44d8d12aafec471f9f40aac23224aaabaa726ad6187322040baee9fe298880fcJavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.
405fd5ea751ac4705c07542a270ee08ffee8bea6e4c25464024c27431b045351Clipperz Password Manager suffers from a remote code execution vulnerability.
a389dff208c61b443364f2e6e4129153bf3222246ff2df01244a949c8e244afeAoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.
dcf9cf1e13d58871d2e0e4bc3827849243e29adbcd9d4d52281ed0f2d1705f6cCyberLink Power2Go Essential version 9.0.1002.0 suffers from a registry SEH/unicode buffer overflow vulnerability.
c4ad3ea0e0cf296b67878e6a6773f715ce52a1c11772efc0549219c883df125aAoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.
2f31adef0c26503f7dcc55055e82e81b9c030906ddfc9884aac7a7f920f2863eSeo Panel version 3.4.0 suffers from a cross site scripting vulnerability.
a478c32cb9af5fb501f74cbb29a394595bb4f20a6926285d8f761e38231064c9This Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. Can't login with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.
32678ccb2a4454a4f3176a572bfd08436712de26dce1cdfb8b2986d281d3c14eXOOPS module Glossaire version 1.0 suffers from a remote SQL injection vulnerability.
a4470aa99ea11a5f9c282b6f993f8063c3a3288f96bffe613ee69ced409f8c79Wiser version 2.10 suffers from a backup disclosure vulnerability.
c26e09ae50d4b608b25cd47bc4c0eb2709de37db147ba812378aa9348bd8f835SMART iPBX suffers from multiple remote SQL injection vulnerabilities.
0e228b7ec6d89267b0aca22b0aae4fd724817db1d8173289e79cab2dafe203a9SIP Server by Kerne.org suffers from remote SQL injection and backup disclosure vulnerabilities.
fe39892f12c45c5cbcc5327efd59baceaf7617936f8dda149687a54792646c31PHP-Nuke Web Links suffers from a remote SQL injection vulnerability.
7d294df4f893166c5d430655e923ffacdae294f6c98718bca8371ebefc94493aCRMAPP suffers from a time-based remote blind SQL injection vulnerability.
7a1d6906587fbf34c99caa70266be93714a76f56d009b6016009ad37a07574e3Construtiva CIS Manager suffers from a remote SQL injection vulnerability.
7136c76d7db570fc9ac688d69aeeca0d8846c1171cdc6199197d0dcc66015ca5Nagios Plugins versions 2.0.1 and below suffer from an arbitrary file read vulnerability via check_dhcp.
06b295d336a8c90eb6729752963778c1daffd50f2c930f399a48e00d05704d46WordPress cnhk-slideshow plugin suffers from a remote shell upload vulnerability.
559f24d812b08368e3f3bc3029d3d487db79d8b401ebfa988c6541b0381bdef4UPS Web/SNMP-Manager CS121 by Generex comes in with a default enabled "service"-port, that makes it possible to bypass any specified login for HTTP(s), snmp or telnet.
4bd1c3577ab09b7e5e33f32952b9014f9f0a435701fd9a44164f65c1033552a0BarracudaDrive version 6.7.2 suffers from multiple reflective and persistent cross site scripting vulnerabilities.
d41472b73eb1e68306169abb69831256e5000c2d91afe4d895f79081b2bd8cb6EGroupware version 1.8.006 suffers from code execution and cross site request forgery vulnerabilities.
7d08464cab77afb7f22daf9c5a982166be13306330e34cbf9aa49130bbce7d96
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed