Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.
7c5d287b7285d97c773bd521ba096c6d7155b06570a00ffc57b3294319a812a1Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112ZTE ZXV10 W300 version 3.1.0c_DR0 suffers from a session vulnerability that allows a remote attacker to delete network settings and more.
e6b4753445eecdc540f323caf6ddd8959dc3d0dc105d4e6952e16e30eb542b98eBay Magento suffers from a cross site request forgery vulnerability.
b3c0c736ffb72d43d1fe671c55dffcbc1392deeada1261b19a1a3ef5cb7b4d6cA persistent input validation web vulnerability has been discovered in the official Magento xCommerce web-application. The vulnerability allows remote attackers to inject own script code to the application-side of the affected service module. The vulnerability is located in the filename value of the image upload module. The attacker needs to create a New Message with upload to change the filename to a malicious payload. The attack vector of the issue is located on the application-side and the request method to inject the script code is POST.
2d046bdbb2f5dbd96eb46e550a4e42059c43e67f2b94273651e0cdfbf7805252ApPHP Hotel Site version 3.x.x suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
890ce1d4ffe628ac729ca8d7e542f34a6085bef5d2b10be9540e4c255325d05cA client-side cross site scripting web vulnerability has been discovered in the official Magento Commerce Premium Theme front-end web-application. The non-persistent xss vulnerability allows remote attackers to inject own script code to the application-side of the vulnerable online-service module.
93f9dd7fd63830ad50de3dc317332c7a3e7b19e91c8f617f35ef178a5970df46WinylPlayer version 3.0.3 memory corruption proof of concept exploit.
788887d72aeca51f9c07a787f09f5f2b971d388afc67b75f0eaa8a3c94812388HansoPlayer version 3.4.0 memory corruption proof of concept exploit.
20b9090c4b132b0b60d1f278ce6a8efb8bcfa0d4a1e0123be1f206ac25da0171Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities.
397399516a0b38c8578b9229ed23840b442e7ec378ee95438a4c113226f252daVitubo CMS version 2.3 suffers from a backup related database disclosure vulnerabilities.
ff364b84ea8625fba97d912d8dd6331b0c0dd9676463163ef07e5caaea3f8ae8WordPress Revslider plugin version 4.2.2 suffer from cross site scripting, file download, and information disclosure vulnerabilities. Note that this finding houses site-specific data.
8ad1c24b948d5a65dab914200443c87ffe00a1d155d37bbd652a95364274a234Just A Forum version 2.1.1 suffers from a cross site scripting vulnerability.
f942628108d16b6d63256b6d0445ec551ce6bb7db1df80e6b5741033053809cdVesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
8afef03dc758fc7e9258cea86f2165628c4ee859debcb92aa2ea90cfb8973453SearchBlox version 8.2 suffers from a cross site scripting vulnerability.
c50cf93766fdeb247be5b7f551e3e1f70a06620929967b43da8b53e840f1e73cSymantec Encryption Gateway suffers from a remote command injection vulnerability. Versions prior to 3.2.0 MP6 are affected.
e6ac92a40468adfad041080b0dc12276912bcdfa8a08e999f17136b0003f5f9eBIGACE version 2.7.8 suffers from cross site scripting and file upload vulnerabilities.
33159b3a9180da99ad88ee3d773bbc6ec6a99088dc5297a33bf65aaf68c6079dAudio Share version 2.0.2 suffers from cross site scripting and remote file inclusion vulnerabilities.
a3a8905088e570ff7fa1984524f21cf56f5f55619ab6518165d24f7c5f880f37Alitalk version 1.80 suffers from various bypass and remote SQL injection vulnerabilities.
8471cf9736c040db77b8cbf37badbcfdb3f137f9f3664d06af4cbb5b1d6b24574images version 1.7.11 suffers from inclusion vulnerabilities due to trusting the host header.
58c8498e8bf4f00d45c7e52fd8d323c053bb404232140cfc9cb9537707c06ec0Imagevue version 2.8.9 suffers from cross site scripting and password disclosure vulnerabilities.
da17b864a9c9189ea39befb9d3b0dd1691517d8f6afb17b6cddc81e4e0716486MantisBT version 1.3.0 suffers from a remote file download vulnerability.
671ba2e0e285945b42223f1727978cb7d9171580b07eb50f0c2b649e8ebddb1eThe overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and where overlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. Included is a full exploit demonstration root code execution.
f86829bc8ea48c36f6d3cd054fa6293bb6beab50057404ccaddcd6c16e8bed3cCellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site scripting vulnerability.
3dbbd6127d694b4edcf1b718fd1acdcbca841f4fde9082ba044f21f713cb578dCellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.
b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed