Lantronix xPrintServer suffers from remote command execution and cross site request forgery vulnerabilities.
ff6469302e547e01bb9030847093051785ad3cc7d9ecacc094da02afa766ef4fCorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions. Affected versions include 17.1.0.572 (X7) - 32bit/64bit (EN) and 15.0.0.486 (X5) - 32bit (EN).
d61e01adb66b6c79e68ff44e6a3ed5a2754e9b02ac1089137243b5f364608afdF5 BIG-IP version 10.1.0 suffers from a directory traversal vulnerability that can allow an authenticated user the ability to delete any system file and enumerate their existence.
48c9228a0d762c37bb5420392618ef603f34d99d02096e06b809d1aaf78e9bb6Monstra versions 3.0.1 and below keep a tally client side in a cookie to count login attempts, allowing an attacker to completely bypass their abuse functionality.
e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8aPayPal suffered from an arbitrary code execution vulnerability. A filter bypass and persistent bug was also discovered during the testing of the same vulnerable parameter location.
fed3658f23386986e4d659208a3fb49d27afdec96066ad71c77c587d4346e94bMicrosoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required.
67ef05e93ca36b2752d2f86818c0b19ab0cdbed8a586badc23f5f694ed829e86Piwigo versions 2.6.0 and below suffer from a remote blind SQL injection vulnerability.
8e34aa5cc38234e00ec76daa8cd462763d9355b1d33754d7f3b38738477d41ecEleanor CMS suffers from an open redirection vulnerability.
84411384c7aa25e58ed05f7ed500b0c0f671a12c0994b2a76e3965c107e7b735KoschtIT Image Gallery version 3.2 suffers from a cross site scripting vulnerability.
d995444066c1089280796083a3293f20919b5d37944e1a2be12d1a7cab2a8a5awebmail.mit.edu suffers from an open redirection vulnerability.
71230acbb262cb99d7292fd923315777ab2695cda3d14a7cc42d66e422911466PHP-Fusion version 7.02.07 suffers from a remote SQL injection vulnerability.
2249d0cca1dcee7f7c100fe42427bb2711d8fd3554f226cd372966d7f53926faProgress OpenEdge version 11.2 suffers from a directory traversal vulnerability.
2a7af6c9e05a8a5ed21c61c5a6187aa19d5abef257d9b8271a276a0e2a7a0f0cMicrosoft Internet Explorer 8 MS14-035 use-after-free exploit.
e3033fb7f9cb434533a100773bbe5fe178c4d89890c26940b7e6ed828fea0b2aMonstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.
333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69eAnchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.
d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061ZXDSL 831CII suffers from a cross site request forgery vulnerability.
843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994aIP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
1029fca8f5a270ef99408d415c08dcdd94232176b52896c8e45f98f4907417f9X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
c0f412e75d49e1016a81bfc9b778be1b4b23e45e968f63e05b4d8159c3fdf6ccManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
e1d27a945d66b81aacad98744ce5c1ea61a78584d22cd9c389042300b551cdf0Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities.
5f8f9ebe071b8c050eea45fd8ab2cfe66c95dbbe6b9b588dc687571121b75611Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities.
8e3cc50618209d35d2db5cfcfaea563a32e2c93be193dbca495188aee7164daeThis Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (and non editable). This user, named 'Scheduler', can only login to the console after any modification in the user database (a user is added, admin password is changed etc). If the 'Scheduler' user isn't available valid credentials must be supplied. The default Admin password is Admin.
8a3b765845b48b56bd638e90b38b71b9b937f492e8f972a8b7552ad9f1f4c4ecPayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.
5a555cb13c0843865e07033eaedb436a8099f4e34444c8759e1631d75586f410BookFresh suffers from a persistent cross site scripting vulnerability.
91e749731d9d6e88e3a23f12ded9479d506b87d60cf3ea412ed286b913acf976OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.
e90b305cda305ae3ab8aaa3cf59b529eb43f81db98e02e577ac0b8865f49f4a4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed