OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey crash denial of service proof of concept exploit.
37db7c5a2fc6b69ab0ef0c6553eac0fc38305a4d5fb988f3709bb90a9b37f70cProof of concept code that tests whether or not a machine is vulnerable to insufficient session identifier randomness in IPMI.
ef2dd36385d9dd3821bf9c92f40c31bad16e92d5fa8a6086b0be965e96fecb87OS X 10.10 Bluetooth DispatchHCICreateConnection crash denial of service proof of concept exploit.
49e70f11df3e52d1bdada50e1eb32c2d0ece6ef26ace20e545b163ba8458f9c3Gecko CMS versions 2.2 and 2.3 suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
641924170b5fe97cd5206e6af2553f0f88558b8ee8f4c7c4992e6781afd735d2Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.
d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704ddThis Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.
b0515350e4ccd496fb0e7266e0caa11158145540d2f845735488187df6eb3bf1WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.
5d11f55fff359670f82ee7eec867318f3c3de3d121e95796ea80115d45a95335Snom SIP phones suffer from a remote denial of service vulnerability.
a9dfc90dfa8c8f12d789e27b1c02092ea4dd4c2c8d05e6763b86969b623aaa28Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
3ed69590b68e44bc5711dfe4b54294c20f7bfaa50ab879dbe8a42222c370cc12Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.
46817a9716513fbf904cc210f681e8ee0de86e3cba3780ae82bde54b0f343ef9CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.
bc631a532ede7f396bf10e2908c4f90fd2b39943a411c0476b46853b7947dd90CMS Croogo version 2.2.0 suffers from a cross site scripting vulnerability.
72dc727c24b207af6f9830f6a67f552c49b56c411677bd6a256ced26cc2fda78F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.
16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0dWoltLab Burning Board version 4.0 Tapatalk plugin suffers from an open redirect vulnerability. Versions below 1.1.2 are affected.
78fe732207c7a2a7abef9973cb5872d91bd7f59448276755a433bc56b43c81caHeroku API Deep Dive suffers from a mail related script insertion vulnerability.
48ce32c2570d9291a426f6f4cf128d5da25797234ae385b612fd9ea3398f7d25The Heroku API suffers from a persistent mail encoding injection vulnerability.
fe44e4e3f2f20da60dc5606afdb53641c13571e9eb1d45c5cc81b33e1654295dLocal root exploit for Red Star 3.0 Desktop that leverages mkisofs.
7ea83074383ee2da1b5cdb32131278513104a6745972fc30f1769767d4579067This advisory discusses open redirect issues in Facebook, both old and new.
4aa7a6ba3a89f57a83a96ba40e358dfc5dc69f38da33da44ddb91cbefd30001bWordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
0d05523785cc3c3d6afe4c0cd58b19ca76dd69c34245e15bfa829cfa9677b80dThis Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
1983d15e14382b842439b7a8129d4ce859b00fbd289876ecee0e865564af878cThis Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.
4f82b9e9bf5035178dee3ab985bc03afde702dd4e7ca3f166360be5aa2dd3474WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
42ecbf4669c89af75d07968bac4f2e5509c6bb5b265890feae2edd0dd0629e00ZTE Datacard MF180 suffers from privilege escalation and DLL hijacking vulnerabilities.
61549ca54b62be8573a682ec61570172bcfc6079ecb46713ff0cf356b3781bbcSoftBB version 0.1.3 suffers from a remote SQL injection vulnerability.
a9bb05a54bd65d9af31a678686b7470862a10aaaebecb3d2413aa5f42f59e1c6SoftBB version 0.1.3 suffers from a cross site scripting vulnerability.
0ca30b39797f9ec334d5344c1f04d6191ef6d5d061f806698971f94c3a84e33c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed