Joomla Random Article component suffers from a remote SQL injection vulnerability.
0a2fa879f23beb0befce309d421834e8bc1f50146c8984ae39d4d21797ea7dc8Unasjee CMS suffers from multiple cross site request forgery vulnerabilities.
9b4101394e2daa2f90d83d866085ad33416c24d0ffa44d634c30bdae9c251e17Manage Engine Device Expert version 5.9.9.0 suffers from a reflective cross site scripting vulnerability.
ac65439b324fffb863d5c254685a9bbab08bef94d462975f0196a709d8b76aaeThis Metasploit module uses Powershell Remoting (TCP 47001) to inject payloads on target machines. If RHOSTS are specified it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames.
81d95a12d4da050bcc3d10140dea8044b0356300805672102af4206ac0964126This Metasploit module remotely exploits CVE-2015-0235 (a.k.a. GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions) on x86 and x86_64 GNU/Linux systems that run the Exim mail server.
a904662b081b766808bd7e6e1ad410a102718e996535c406d1a81766eee34d73This Metasploit module exploits a remote buffer overflow vulnerability on Belkin Play N750 DB Wireless Dual-Band N+ Router N750 routers. The vulnerability exists in the handling of HTTP queries with long 'jump' parameters addressed to the /login.cgi URL, allowing remote unauthenticated attackers to execute arbitrary code. This Metasploit module was tested in an emulated environment, using the version 1.10.16.m of the firmware.
164f73d50b085d0c2335092e7f16da683c66b3f7e546e57619eee75d165cbf97This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
13186b54048c8cc06f8faee910912cf899136fc7728d1db2115267711277790dCisco Unified Computing System Manager (UCSM) versions 1.3 through 2.2 sends local (UCSM) username and password hashes to the configured SYSLOG server every 12 hours.
f0ceac9c00ce462e0e72897f30e93bddf1642b81c987ab4e5c396f7423783888openEMR version 4.2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
136128c86a8cdf2ba34308166c5782a4d4d518a5c95d5d6c966b0e3831d31b38DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.
f3904c4b7095c2906f919c23af7958dffe8a653152cf6e88441674e356365afdManageEngine Network Configuration Management suffers from a cross site request forgery vulnerability.
92368df0e9e0f2127c3cd5b8c1a65d106c669a4abd4e4f69d29da58266507ffbWordPress InBoundio Marketing plugin suffers from a remote shell upload vulnerability.
7940c1bcc1be530b886d2e8945d3daedf9179235dd53a629eff265af18c5f93cWordPress MP3-Jplayer plugin version 2.3 suffers from a local file disclosure vulnerability.
0029d652e04d0be61d22db15d7a2fc2394e42ed9f13fde78fd7c9d9c0ad7c71dManage Engine Device Expert version 5.9.9.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
f20cf3a5eeba6944bf7c8e0b8e41afd3a2af615be2ecf3373dad1c709980a353WordPress AB Google Map Travel (AB-MAP) plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
d05ef630552b94fe4793abb6d6cfc370e265a055695867aac201a5912790ecfdManage Engine Device Expert version 5.9.9.0 suffers from a cross site request forgery vulnerability.
335ed01164ea71ca9d0063fed4f8122e7d1025d09630c8e1c87867e47945498eThe Joomla Spider FAQ component suffers from a remote SQL injection vulnerability.
1e2762eb2b150084329622dc9717ba845a0ba6a848ed72061df848c3e499db2bFree MP3 CD Ripper local buffer overflow exploit that mints a malicious .wav file that will spawn calc.exe.
291049aedfaf3aeb04da4a251afe8b0a963d533f7a6438b9918cdac181567059WordPress Ajax Search Pro plugin suffered from a remote code execution vulnerability.
5e6475faedc63a601f3aa6133883268940ff45a73b0f968fdc25e796ce956a12A use-after-free vulnerability was discovered in unserialize() with a specially defined object's __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code.
0d7d8aafb8d2a37309dece6abe0be384cb2777387f609c40b05070f50d8937adUploadify version 3.1 suffers from a cross site scripting vulnerability.
38411749c2d75136e514ad041c7f18642108d6bc9818a5a12c50a6adc5c978b9Et-Chat version 3.0.6 suffers from a cross site scripting vulnerability.
80e1a4d6b660f8125854153118580e5f380c83819f4170fcf51420d028dfeb57Kunstmaan CMS suffers from an open redirection vulnerability.
4aeed2b050d1ca14f79f6263c116c8d2301cb3e0d4fc64e891c2fa828eee1d6aA command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9eIt was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baac
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed