FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.
6562b200ed6f0101fff5117229054f71cf3af90934e4ca91e22b9087a53116ecLinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.
fb5510a4e8241f843f5f5647141f946a2f3127a5a149a226a545326bfffff821WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
dab9719c8bbda7fbb1bd873063f790d3b7aeb28984b3a0ff28b38002c26621b1BSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.
96bc6b623e2246e2153eaae563245037e96717a2892cddb0b082e2b39ab7c6daDogma India dogmaindia CMS suffers from an authentication bypass vulnerability.
e83e7863e16b666b0fa577c942a5232b031229a84ba725a9bedf9a2cb44b6929The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.
221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.
bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586ZSNES version 1.51 suffers from a buffer overflow vulnerability.
ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ecWordPress Car Rental System plugin versions prior to 3.1 suffer from a remote SQL injection vulnerability.
a2cdab0c11366b52adaafd94afcce39eacb22aff6f7f1ff06b4f931c4a631ffaMagento shoplift exploit that adds an administrator account. Flaw originally discovered by CheckPoint.
a0b1053cf090b751b7847bc8312657f3d98e988645e6d4a2d846df5e19b0cf8aMicrosoft Office 2007 suffers from a OneTableDocumentStream invalid object vulnerability.
71aae25eeff40a890630b5def4b9a4c33395e8cd48b05b1af664a30be591e023Microsoft Office 2007 suffers from a stack-based buffer overflow vulnerability when handling a malformed document.
fc3f3a43acba1f2993d16df8be2f8af7217caf24ea88bc37b3ab71571b41e296Page2Flip version 2.5 is missing an access control and due to this allows for information disclosure.
4d58d05abd8782f6ea8e55b951adbc39826bfb054bc42cad328a0157a2cf0cf3Page2Flip version 2.5 suffers from a session management issue that allows deleted users to still login.
3dd3826320edfc3d9787b04d941d218aa5fcb2d184361a4c7704cfea80c20ef4Page2Flip version 2.5 suffers from an authorization bypass vulnerability.
81eff9c8072a47333a722737d210492a75a50e881af03b9fbb7745d495b77d5cPage2Flip version 2.5 suffers from an insecure direct object reference vulnerability.
88377ffbd2ae0e8c6494acd84244a8d80fc28f3b4cb5e706a672ceaab14433b9Page2Flip version 2.5 suffers from a persistent cross site scripting vulnerability.
a80dbfc906c92033fe34653626d3672fe4672f10582601c6398132ae3406a17bPage2Flip version 2.5 suffers from a cross site scripting vulnerability in the create user functionality.
8c4a6a8c8fb7c3e5d54cac7cab64b3e9ec1fd020d73d675cbf2229ba4b628693Page2Flip version 2.5 suffers from a denial of service vulnerability.
d605475e023fd099f6ae5991a6c9dc8b5175e3d6115f0f5e24bdef720b8b65c0WordPress Google Analyticator plugin version 6.4.9.4 suffers from cross site scripting vulnerabilities.
7f7523e430b3afce63313d41c2b6e4084ef335223ee61e6f6fdb35a34d45f768Netop Remote Control versions 11.52 and 12.11 suffer from hard-coded cryptographic key and insufficiently protected credential issues.
bd92784b38a1c301a6674b12b72e327934aa4b895b78f8ea87bbefcaaebfb4a3Pligg CMS version 2.0.2 suffers from a cross site request forgery vulnerability.
e8df6ea13dde593af7dce761b232c1d61d5a0fb061392ea66d9fa5a7ea0f440dResourceSpace CMS versions 7.3.7009 and below suffer from a remote SQL injection vulnerability.
f8889e00ce3b0fba310c27b4671a53d11f1156966615698aad1a1d3558bbc703This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
c7380b4bd424349eceddb0191b851de4ff91a0a5afb8b3430ceffce5b834c992WordPress Googmonify plugin version 0.8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
06c403fcedb1a7fd5d3e040288ea006db2072b20c5136ce9aea6ead2c5f43109
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed