Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities.
93840f05f3284db346ab563d9c92844b1815684ffd7b76a7df35d6f2fd20dc78HP Enterprise Maps version 1.00 suffers from an authenticated XXE injection vulnerability.
49cac9392e67761747314562b60d157df35c9cc117dcad5865d91f95214595b0WordPress Simple Share Buttons Adder plugin version 4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
9b7e8bd26dee08baac6ace569d5e3efc78505ee6d9b668bbb0577bd8be00f138Thomson TWG87OUIR suffers from a cross site request forgery vulnerability.
95c9c6a1307d99533c4237f526c60deee7797da36e9b73b5208b2f1c35485570RedTeam Pentesting discovered a cross site scripting vulnerability in Endeca Latitude version 2.2.2. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users.
0117a3582adcb45df2d59f7d5cf251f3aba0c99f2fe951f5b651db6fdbed6f34RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely.
99a9fe37102713781cb33e19705a416f50053d6d7e9f3c43db8e55b55166f87dStoresprite version 7 suffers from a cross site scripting vulnerability.
c6b72d41875e95a461df516082b4ea96529aa02422c666dd78d99280ba2170faDrupal versions 5, 6, and 7 suffer from a cross site scripting vulnerability.
0a41801d96ef56fb221a470344be2e6815c1304687e4a5802e95ca5896451f33This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.
ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3ZeusCart version 4.x suffers from a remote SQL injection vulnerability.
14392edcd2386fc3bfa622c4621025b3d4cac45565be688d86e2d5c417ae827bMicrosoft Dynamics CRM 2013 is susceptible to multiple security vulnerabilities such as cross site request forgery, cross browser, replay, and file upload attacks.
6b2cfd8531debcc4385762b23654dceb2f5f418d1dd4aad882be46f1e63e17e0TimThumb version 2.8.13 with WebShot enabled suffers from a remote code execution vulnerability.
6c1a5f9fe02b211531e8610b366ae5ef5647ad9b838030ad32e7a11481a4ccacThis Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.
450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995dThis Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.
34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4SpamTitan version 6.01 suffer from a reflective cross site scripting vulnerability.
f3ac07a043a85c59a96327ff59d22880505e159ff1b3503616bcd8dbd5fce37cThis script automates scanning for the Supermicro IPMI/BMC cleartext password vulnerability. It can check full subnets or individual hosts and includes an option to scan via proxy and to view vulnerable hosts listed in ShodanHQ.
e368bb65b92ec2b0491d4f9bcbea58351c46f62c857e2b132316a9843b04816dThis whitepaper discusses a stack-based buffer overflow vulnerability in the Android KeyStore service which affects Android 4.3 and below.
f7115facb01ba5509340d2f23ccfd38240c5a8ae2b85f19bd810f467d71ca0f8Lunar CMS version 3.3 suffers from an unauthenticated remote command execution vulnerability.
cff5b37c375544761fa806bc0c3496e624435a0bcb64202783a8ab5a37b0b5c2Lunar CMS version 3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
2786bb0d9b249dc88b29677559cc03c90654a9fe474bbf1f8796fb995d991d29jQuery PHP suffers from an arbitrary file upload vulnerability.
2bf4e4f31376b7556b6ba8b6036a5e825ddbd951e030c18fb242c9636f7d28c0The Zyxel P660RT2 EE ADSL router suffers from brute force and cross site scripting vulnerabilities.
803511c1a74b8532c76db7aab68ac5d70891d93d27344457fe287363c3a140d0User Friendly SVN versions prior to 1.0.7 suffer from a cross site scripting vulnerability.
2563320161d0c04a3683751b1af8691a3a5d0135333e64fcb8888672f2dd61c4Linux Kernel versions 3.13 and below local privilege escalation proof of concept exploit.
1ac2109c899cc9ed0d918dfef397ba64d9302acb0de0d5206638e54f5510f29fZeroCMS version 1.0 suffers from a remote SQL injection vulnerability.
d4adc25ab654f27e19d62dd54d52cac4e301868fead6c76b8d36705d3ef376f2This Metasploit module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the update_system_info_debian_package method uses perl backticks in an insecure way, allowing command injection. This Metasploit module has been tested successfully on AlienVault 4.6.0.
f41d6bd5cd5cf9bdeabe5b3bc68136db162011629dbe4d4e9286da318c9234c8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed