WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.
6fadf0a68a68d7a2224dead0e386baaf4e4a60df0ceff53723283c9beb898aecWordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.
3290a2bb90bb054c2c4c266867566c028da4101297cd2c8c4f96794c20e77af9phpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.
fd512bf32f9f9fc9a3b430ad2e4494742e35537f8aa5ba31a79fa463585369d4WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
976c6087ecb03d8b8cae5e43e9e600acaa4392bab73a3bae21e132826b40badaD-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
4d98416040832150a16ffa2a1c213edb24bd98271d14dbe192d4aa550a9fd010Tendoo CMS version 1.3 suffers from stored and reflective cross site scripting vulnerabilities.
cd9b09823f3b4f903977a3d92b3b7084b6e40bcacb0756fc6aafefeeafb8108aFoxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.
9da8a1034afb8dd1ecf6f36562d0356f8048cf0ebf078c27562a216194531c8eHawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.
dedfab25cf599a5d471846668f02839f82db68639796aad291a1a95774f4e305Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.
1780346582854c7fdc89148449d9eeb1ad330538db092f6b047b6f4ff3c1e490This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
0be0198fd35b0f082fb3872672e7f1dbe40db0a2ae2abc971e5936c264d03b3bSeditio CMS version 1.7.1 suffers from an open redirect vulnerability.
2ff996b84f5e2517c42761313b4f6b91deae750fa6ae089104e6d04642bfc884XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
5d38872663e90c1322bb0e4199d9762f1f981af682bd046d78e6ef57fd238678WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection vulnerabilities.
35ca2d59e923c4dcfa102cae5ca95a5f2022862e2a8f048b21905f0568781656WordPress Music Store plugin version 1.0.14 suffers from an open redirect vulnerability.
39a735fe34395a13d85f4a7c0131dc3a9ee60a7573410b4205e3a12eaf6b2d36QNAP TS-x09 Turbo NAS suffers from a cross site scripting vulnerability.
ab18c8b11eafa38f69dcfdc61dd73eeb55ad959a3b1d45edb7008ded708d8650Hawkeye-G version 3.0.1.4912 suffers from multiple cross site request forgery vulnerabilities.
7bbb160cd6f98012e50825f8a96af7faf9af19a17a8380a6210306d6c3405ae3In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.
5f8a24055c7eacceccce25d80da65ff0a662a967a7f926c2fe621369f5e41ae2The libuser library implements a standardized interface for manipulating and administering user and group accounts, and is installed by default on Linux distributions derived from Red Hat's codebase. During an internal code audit at Qualys, they discovered multiple libuser-related vulnerabilities that allow local users to perform denial-of-service and privilege-escalation attacks. As a proof of concept, they developed an unusual local root exploit against one of libuser's applications. Both the advisory and exploit are included in this post.
8ca265d19600f642e0b8538ca2edb894bbc57f28b26136e6f5ea36ae5e348827WordPress Paid Memberships Pro plugin version 1.8.4.2 suffers from a cross site scripting vulnerability.
410ccd42ad7f7fd44ee5b3408fbbe29164843761e90521e5e7335512139412ffWordPress Count Per Day plugin version 3.4 suffers from a remote SQL injection vulnerability.
f687e1b0d3ad51322c1b0413cd02097173f02fb47e8b268312c45c39c2901d6dXceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities.
435b9ea5332e4395e8c3c079290a5fe9be967080695ef116f10918e9ad4d0414NetCracker Resource Management System versions 8.0 and below suffer from multiple remote SQL injection vulnerabilities.
93d2f137db25cb48662c6394b587ff5d423fa89e6aff521417512fcc7700707bNetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting vulnerabilities.
919ec0379fdf91eec0154ace839eb6d6c2a1ed54c9f07a49617f729d6eeb7926Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities.
eff923ffcdcd382735364473953777226ac5141d068f398cd44bc9d036ebb5d2OS X version 10.10 DYLD_PRINT_TO_FILE local privilege escalation proof of concept exploit.
54d151a0576992acbdfc4330c685be0f33834016156eaf6b60eb50e760abfc0c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed