This archive contains 183 exploits that were added to Packet Storm in June, 2015.
c485e814d9dca35aa730e3f9d1befce8762864f7f8245cfc3268dcdbe23f9958The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.
21607839bbbdd227a1fed5a3aae9f1e09f5c3ba5d6cf448a29b254d43dbc7f66Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.
18dd393ace4d14161649a80f893aaf38c39cd9fa4882db05ddf096eaeca05aa0The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.
3a33fc1ca00a370d70ae632d4e5ff2d50d6aebfcfe2f943cfc2b1fac21f6187aNetIQ Access Manager is vulnerable to XXE injection attacks.
5ab83fb7455997ac3fe10dc835a9bc56e92d52e2ce04391ac1b7bb994f39d5dcThe CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.
056057c0fb271eb7d3df3d949644529069ad9b220d3cea13dac2b89f6483c3e0The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.
a81a00d4e11ec10f5cba3ea70751d59751a88dc2fb69e74a400c31265fe07b31GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.
214f9d30727be2c3b2b4aa78f18251e30e604ff0e311e01b438ee81349215f74MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.
cc5594fe51b541c29a67c4f947fe79867dc8f20ce2d1a907d2968a07693ea31eFiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.
88134155e61bdad17b0695015d75b1a5facc81ef1cec5a352d986ba9cfb5b831Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.
f4fd9696fbbf3cb4bb30f39d3adbbe123d467ec115259459a177a9cf9bd7f1e9The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.
37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603ccThe CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.
1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.
34153720563cde72b885eab1bf23d3c0496dfd344433d5815451d5624f2154ecThe CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.
6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171C2Box version 4.0.0 r19171 suffers from a cross site request forgery vulnerability.
3260a9f8f243512939cde597aee57f84fbc49ba76f322ad99d963ca8720153ccPivotX version 2.3.10 suffers from session fixation, code execution, and cross site scripting vulnerabilities.
46674e4415ac3578e9c37660f047a58b4394e048c244adbc09b59b34d6626102This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.
a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cdBy combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.
1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6Koha ILS suffers from cross site request forgery, cross site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.
db2ddcd34b4c592559253b1b3c6f3e7e83b307e30c13455c3c11e7c181ea9384NETGEAR ProSafe suffers from cross site scripting, header injection, and remote SQL injection vulnerabilities.
d2cffb6c14ae7d6d75847a649433d54664550130dd5ffabcc160493696e70230Download Zip Attachments version 1.0 suffers from an arbitrary file download vulnerability.
5c51fdb6e266ef3a8a35172957a3166fd6452e291e1e736475722362e05b938fWordPress WP-Instance-Rename plugin version 1.0 suffers from an arbitrary file download vulnerability.
9a24d9b6daa62347b0cb943035d61843dba740d737dd765fd6a8ca7bdea56236ArcSight suffers from a log poisoning vulnerability.
fc2f4788f873862fc266d71b5a6c6655034f7c3ae00f59103be393d90706c07bNucleus CMS version 3.65 suffers from a persistent cross site scripting vulnerability.
546f34805d04034f047e4144ea4b40a6097badf77ac07bce75855a9b73741bd7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed