WordPress Slider Revolution Responsive plugin versions 4.1.4 and below suffer from an arbitrary file download vulnerability.
5741a1911337aab8b63be960a0944a5df6cd526dcc7be9097e32d2f40cfaa290Sagem F@st 3304-V1 suffers from a denial of service vulnerability.
089e8d0a65adc5f8eab0b71bb5f705b88968a278bc59b169bca15e150f1b2b50Some products from dtSearch Corporation suffer from DLL hijacking vulnerabilities.
87e83a726c488205e1c94f35efd7cb24908ceba7d6b5cee6a82f172f67229feeWordPress Lead Octopus plugin versions prior to 1.1.1 suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. NOTE: The author of this plugin has contacted Packet Storm and claims they have fixed this issue as of 2014/12/07. The fixed version is 1.1.1.
e229e4737c7358e8d3d774eb912c332444859671ff6cfb1f926797bc8f4fcf09WordPress FBGorilla plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f89f508dfe6ffe796d290addc918b30d1491a26d310f6cc72ac228fda1c72c98Netgear DGN2200 with firmware version 1.0.0.29_1.7.29_HotS suffers from a password disclosure vulnerability.
fe3616ab9fc7139749487df4bffe5aaae99e953e9bed6452c87d511fe27628fbMoodle version 2.7 suffers from a persistent cross site scripting vulnerability.
959eea10516335cfd227b085fe290db6e24c09b51b65eae621a5fba7876d90e6Zenoss Monitoring System version 4.2.5-2108 64-bit suffers from a persistent cross site scripting vulnerability.
b6b364b0ca0afa7eba0ab172d073556261e1df677443861f1f420ec11a947851Easy File Sharing webserver suffers from a persistent cross site scripting vulnerability in the forum messages.
5fc2edb57adb417649cbb0813d961bc52ba43a0b6708d698727e55ceb5ae4c10A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.
c3dce854c36c28e545304c300892721f5fed0a84228f0ce24204cc34d072d2a6BulletProof FTP Client 2010 suffers from a buffer overflow vulnerability.
a3e7475d74bd6f99e53fd8483d4127bbad6e74912100255cd47b89d09a52540dUbiquiti AirVision Controller version 2.1.3 suffers from an overly permissive default crossdomain.xml file.
6318c6697c238ece9eeaeec23969f86bf02a5ced36a26fc6cec3e4b648f18ab6Ubiquiti UniFi Controller version 2.4.6 discloses the administrative password hash via syslog messages.
597a700074a9e5cd6247e5ed9af269ba563e594e93c3abd71b128f81eabf405ePligg versions 2.0.1 and below suffer from remote SQL injection, path disclosure, and remote command execution vulnerabilities.
1106d40e63dfda0f4c08b105daf37ddbcff5e05e6e778d344963e51577050f2aParallels Plesk Panel version 9.5 with Sitebuilder 4.5 suffers from bypass, file download, shell upload, and cross site scripting vulnerabilities.
83b4cbbdfd10cf94646d23defcb68ffc78fee068d10cb70d6204e6c4c6d7f949Make version 3.81 heap overflow proof of concept exploit.
14b0b140bd73a1914aa006a6dd5d4e0cde53830c36bf9682c1ad8162aa589d61Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.
3beb9f254b611e2bd928ddade1f770e4ee79355c995275396c0bd8b3574ada1dOmeka suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/items/add' script thru the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with '.php5' extension. Versions 2.2.1 and 2.2 are affected.
0a1342ee773203c952cf130020bde67a3a822d5d3ee8eec7f9380b7a27d2f503Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.
cf5d956415dfe69bd227bf92fe0ee5baa564b421821ec63c1aeec8494b6581f5WordPress Video Gallery plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
fa03954d2dcdb36b2c9e8c2703248818216e1246ba65e78aacd009799544085fWindows Mail will execute a rogue program if it is sitting at C:\Program.exe.
f3534d160722b0c8512076ca40f68dc52eb9958ad735b147cbbd847d80bd678aE2 version 2844 suffers from a remote SQL injection vulnerability.
63913ddb814634966361c1f31d81e76051565a5ad0dff9f9eb82add59af7c65fCMS VIA-X suffers from a remote blind SQL injection vulnerability. Note that this finding houses site-specific data.
c576b69c2407c32e44d916f75ae68e671126b59ddd77b7b21af755f15504f105Ukora CMS suffers from a remote shell upload vulnerability.
4939be5f0624ca40f27c3c657fb7fdd215ccd01bc9e2bf573955798f67f0fd80DELL SonicWALL GMS version 7.2 build 7221.1701 suffers from multiple reflective cross site scripting vulnerabilities.
8c628a32636a204c5621e732a5912dbe9bec353645b48fb912eabe6942908969
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed