WebGUI version 7.10.29 suffers from a cross site scripting vulnerability.
3d3e6b21fe45432b0e40db0c1889193862c287262d17d520f6fe75f10e008edcFile Pro Mini version 5.2 suffers from command injection and local file inclusion vulnerabilities.
61cea2d0f359c24b386460b827adaf2a360bd5c83cb5f78946a2cc9790c4555aVeryPhoto version 3.0 suffers from a command injection vulnerability.
a176d6e3ecc622dc3aa6b5a3e580652f3cd38b8d3c1db5d1822ae3490e2b1984Sim Editor version 6.6 stack-based buffer overflow exploit.
0f061824fc59baa0d38bfd9364ff194c26e0a2185d52c693740a5897afacaa48Facebook Mobile allowed for a name change prior to the 60 day limit.
e9022186bc9182406a9f7e6e9807d1d8c75ccb9ffbc563e752cb736aac563f8bCatBot version 0.4.2 suffers from a remote SQL injection vulnerability.
8ca8d8041febb4bd7e87451a3b49b4a0db8053b94320613163e2349fd83ba080Pandora FMS version 5.1 SP1 suffers from a persistent cross site scripting vulnerability in the SNMP editor.
e6fd854ee49192290abf5846acc7a072a9debbbaa248635f0fc0042fbd716a1bThe function CryptProtectMemory allows an application to encrypt memory for one of three scenarios, process, logon session and computer. When using the logon session option (CRYPTPROTECTMEMORY_SAME_LOGON flag) the encryption key is generated based on the logon session identifier, this is for sharing memory between processes running within the same logon. As this might also be used for sending data from one process to another it supports extracting the logon session id from the impersonation token. The issue is the implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session. This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section. This is the proof of concept code that demonstrates the issue. This affects Windows 7, 8.1 Update 32/64 bit.
4209894f8317e6b800fd3d23f74c828d6c6e1b7528046ac121ee759f36fecc03Alienvault OSSIM/USM versions 4.14.x and below suffer from a remote command execution vulnerability. Proof of concept included.
a68baa3bbf3f63879d7b7f3eaa8c9b8bc017abc0c0112daba2b272eca6043950This Metasploit module exploits a stack-based buffer overflow vulnerability in GetGo Download Manager version 4.9.0.1982 and earlier, caused by an overly long HTTP response header. By persuading the victim to download a file from a malicious server, a remote attacker could execute arbitrary code on the system or cause the application to crash. This Metasploit module has been tested successfully on Windows XP SP3.
d221161463d2ce4c841da81d4b8047cf3a870adfd262c14d29a88c0aff92cacfOn Windows, the system call NtApphelpCacheControl (the code is actually in ahcache.sys) allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext. This function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It reads the caller's impersonation token using PsReferenceImpersonationToken and then does a comparison between the user SID in the token to LocalSystem's SID. It doesn't check the impersonation level of the token so it's possible to get an identify token on your thread from a local system process and bypass this check. This Metasploit module currently only affects Windows 8 and Windows 8.1, and requires access to C:\Windows\System\ComputerDefaults.exe (although this can be improved).
36677bd1211abded7668cec79a01236adc56ce9a61fd946306e8c8d33aefa513WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability.
7903268191af99e0f4af1ae087e4cd87915db78de06194ae76e97b648cdc5af7Proof of concept code that demonstrates a bypass flaw in Microsoft's cross site scripting filter.
0875f3451496c71e7cae3de5807a25a36dee4a8152a23f8e1981178604c35d34WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability.
3a17fedccf065dba2df2c8cc06ab986128e6739ee172a59e2c48817e94704d18Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from a HTTP header injection that allows an attacker to inject a file into the HTTP response from the device.
ded2a0627c3a429a64de38ac35a2932ed3eba1561ee7e5b46f1a77886f913fddTechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.
0da3668d93c5d907fcfe6b8abc0ab9b5251abb5997b3d5d0d8042ce947378c29Foxit MobilePDF version 4.4.0 suffers from arbitrary file upload and local file inclusion vulnerabilities.
5f85f991b9a8dad94c8ffd8d5807d15fd8470726411c60a63efafc1858cefbceBlitz CMS suffers from a remote SQL injection vulnerability.
c66ceb6f433e98cdcfb6154dfe4e13c116eb212f54de99cc44c88cbcb6870da4Sitefinity Enterprise version 7.2.53 suffers from a persistent script insertion vulnerability.
bc702250ffdaf36a6363da46fb048aa11ee62eed45197602c51eac283f6341bbAnsible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing vulnerabilities.
6e3115b310156299b33941a1b818a51f6f4f245f77904472bfc207672fab5870Congstar Prepaid Internet-Stick suffers from a buffer overflow vulnerability.
b161408db9940a56935ea3d2849edc91522ac265879fb0edcd77fc15f1807ba5T-Mobile Internet Manager web'n'walk Stick Fusion version 8.01.2015 suffers from a buffer overflow vulnerability.
6c14082d057cbbddf70192794e7aed3390eae31cd95dbd6f2dabe41eb835f51dCMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.
4b95a602e4064b14c1925613d95f0cd6ab4878e0ce547bf1e2ca309b92c192e4OS X 10.10 Bluetooth TransferACLPacketToHW crash denial of service proof of concept exploit.
8c9dfd0cb0115429d6229b818d3e69f753cdd59dc26b6381a12ffcbf5264ccdaOS X 10.10 Bluetooth BluetoothHCIChangeLocalName crash denial of service proof of concept exploit.
a50ca06a0203967966d658916c7f43401c0a173e68ebcbb744f3d6d302b27721
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed