Joomla Spider video player version 2.8.3 suffers from a remote SQL injection vulnerability.
6ed2b156ade9720a425662be9c1826fcea87daa3ea39ee657f3b9d9512527ac2vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities.
88cde664c272d996d08d14171c3255608195c5e43983024662c4b1a6061485aeWordPress WPtouch Mobile plugin version 3.4.5 suffers from a remote shell upload vulnerability.
7edb381dc99e6e071b376894e47673e6a5d4a2b0f2bbc8d49710cecd99b9eb26WordPress ShortCode plugin version 0.2.3 suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
ef4485a00a05196cc2ba090494ef148cd178da683b19a50a019daa50233fd67dntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.
416f680eca8af567594e8b6d180dbb890b3878af0da9c1fadbc83a8c0321e8d1Dragonfly gem version 1.0.5 that is used for image processing suffers from a code execution vulnerability.
73d1691babfa29eb6acc63825a9b9c11c898fc71bcf13f71d6edd27512467136VTLS-Virtua versions under 2014.X and all of 2013.2.X suffer from a remote SQL injection vulnerability.
0ed68a92acb71c2b4782d8ca3eae4b92903781f036fd18f10eded456952c6dfbBarracuda Networks Web Security Flex Appliance application version 4.x suffers from multiple persistent cross site scripting vulnerabilities.
f9fbb5dd5944a82fd180aaec52a36c4c69a4e909cf944956e674721c4399c8b0Barracuda Networks Web Security Flex version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
ece2c59c8d74f20072a1679a21750291f342d6dd646304a909824b4550e4fc97SSDP amplification scanner written in Python. Makes use of Scapy.
faa957efd4fa5aa13163e90e0aad0e3bc11900ced7ecb7b093daae7820f92053Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1daMEHR Automation System suffers from an arbitrary file download vulnerability.
43237482bf048fe3e4d3a8426312aff9c448c4522aee0f9855cc51af36bee3d7The Online Time Tracking application from paydirtapp.com suffers from a persistent cross site scripting vulnerability.
18b433b693fcd82a50e6e2429514d31e634805f790d3d1ad87ec5e529f7c4c67WordPress KenBurner Slider plugin suffers from an arbitrary file download vulnerability.
0d8d60eff80420577c5cf79690cc7f6d887078835dd87f351ab0bb4af085615d@CMS version 2.1.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e6854c856557d35be96b4420bd74f6f1855d65f1a97995aa9ed4e9ce797e38c4SMF allows for a denial of service condition due to a faulty filter.
a17c1fc2d75d13b9b2542fff763dfc53947c4fb73ba1599019190380ddc685abInnovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.
2c0df44e0bd7ea867e3d05730352bfb283978ace1116d35dc39ded95dd584decFatt Free CRM suffers from a persistent cross site scripting vulnerability.
075c9364c40e51879675adf412d10c0e60eaba645367a9036c80e3b0415405c3This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small is recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006, however builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets as a JDK might be installed in the $PATH.
2303a20c633607820360bf175e8ddcfcf3d6b6b09c0f821b088c81147d0f9348MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.
1d3cbd754819ecc59f45d3c06619581f1198302e0b64245967e18910a34dda88CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.
f07d37bc985640df912af83e027860dfb44dd82b807aa4a00588820ffcce80d3MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.
dabab641dae9255bac128fc3d2e933d5be5af5ba51c232b96f0fc9c5c33828a7Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.
8e1e463761d4827cd6a59576788f068dfed5b06371c54dc07fa1ec37a0bf4210WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
fda7f45cc565a3147e5ba92c58662a487ff60f0478cb6e7f55ce73080ff1e02eArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed