e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
56bd876fd3e9e58a94c3248fcca4128f67bd75df9310ba5fdddc5ae0a7a6879cCitrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
d1476599affa41b884dec786579a526abb8aa5d7a7e7ce2a41d003a8d5c21aa6Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
19ce2a94ba7b3ac977579971c45cb86e989ade80fc0002971cfee5378a52f153Joomla Youtube Gallery component version 4.1.7 suffers from a remote SQL injection vulnerability.
8eb97c488001bd59478d014e3535c51b5f47ba324ae8929abe3595af874685f8Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.
5132ad0d776021270916cb7e3a628f5ae97560841c95e08123603a834cf8f018Open Web Analytics version 1.5.7 suffers from cross site scripting and remote file inclusion vulnerabilities.
4b3162ed902e22cdb6df8c7de9319eae0d70804ef2bf9685c2ff32894c2d0b84Proof of concept code to exploit an NTP amplification attack. Written in Python.
4825e58fe082ae9df2ef9e5db59a2b9dc9323b9a9efec7171608ac233a55b7c7Boat Browser versions 8.0 and 8.0.1 suffer from a remote code execution vulnerability.
15064e206d7c3a806c6cccf757aad7b42f8819d6495051b1bbb5a37390b2fe12The Wordpress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used on handling ajax file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upload folder. Because the plugin also uses it's own file upload mechanism instead of the wordpress api it's possible to upload any file type. The user provided does not need special rights. Also users with "Contributer" role can be abused.
3b83080229ddf1398d4c0e14805e19037ba1387ba609af42952912ac8e1c07bbBrowserify versions 4.2.0 and below suffer from a remote command execution vulnerability.
e8919d2a8ef51b9aa8f5d664f2a60bf400d82492defbb3819624caf491329efeA vulnerability within VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.
23d2e313c1427a208d2779f1e9be216e6d3f6f4025a67191718be30d6c492262OctavoCMS suffers from cross site scripting vulnerabilities in its administrative panel functionality.
959d307a49e3a67b8d7ac7ec862c293249bd9716566f7d28742b776f11e9461bHP Data Protection manager version 8.10 suffers from a remote command execution.
72ed8aa446b8dbbc1ffeba0993da64ecfc95fa1b6da8e80ef2701ad611f32d1dHTTP requests flooding an Elipse E3 Scada PLC triggers a denial of service condition.
65f5fc97bc8d00f15669db0bbffd8cdcdca03af1247dd6f844cccec55d045fbdSqlbuddy versions 1.3.2 and 1.3.3 suffer from a reflective cross site scripting vulnerability.
c03dd069f7f44d259ec27c3128ecdb5bcb085ac70d888a16525eac72a1d4180dOpenCart versions 1.5.6.4 and below suffer from a PHP objection injection vulnerability.
663873769c470a4e3c4873762728fbfdc6d21b8ca404b7e2e387b6e5ecd39c4eWordPress Tidio Gallery plugin version 1.1 suffers from cross site scripting and remote shell upload vulnerabilities.
4cf61990f3046e00682cebed16ac681c320e26535c3b1ee57aec2aa0f1b6ff6eWEBMIS CMS suffers from a remote shell upload vulnerability.
96392e19f615236ba519d6d55815c7771af73e6df1a82b98a57fd26dfbc83d08WordPress CopySafe PDF Protection plugin versions 0.6 and below suffer from a remote shell upload vulnerability.
43d587958f6cbd2b437cc72de392e89b6deef2dd6b31414582cadb949647c033User credentials sent to united.com did not transit over HTTPS upon submission.
b8e25796c63cdf0f3589e2be7707e41dd0340542c486725ce5ef88b491926261WordPress DZS Video Gallery plugin suffers from path disclosure, cross site scripting, and remote command execution vulnerabilities.
e5fcc59b2473a572157036fd97f7420ad7408afc32ba7cb61ba10065f6bb6680The Private Tunnel application suffers from an unquoted search path issue impacting the Core Service 'ptservice' service for Windows deployed as part of PrivateTunnel bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. OpenVPN version 2.1.28.0 (PrivateTunnel 2.3.8) is affected.
1982811cca8c4967ad80bdbb680ede09b9ad33b3645539f9d125c817aa9bbe3aSchrack MICROCONTROL versions prior to 1.7.0 (937) suffer from cross site scripting, weak default password, and data disclosure vulnerabilities.
ac3daaa3ec1fea3bd206d4c88bfd45b9b0def76b61c4b06bde03b01f98f45c67Shopizer version 1.1.5 suffers from authentication and authorization bypass vulnerabilities and also has a hardcoded default encryption key.
3151b133fe3a990ab5b4430efd7f97f3a1ea24619f03afeb2acc81fee40ad78cShopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.
e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed