My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.
291d895c909d0e7e884d9e3475bc4fd0693023383eef111c66707bcae766d782Flowdock API suffers from a malicious script insertion vulnerability.
a3b7855c7e90fcf4c75103af35130d53982d9d62505e762c85e860f5faf3646dNodeBB version 0.8.2 suffers from a cross site scripting vulnerability.
d57f11bfe70287dfffacacdc169c4b777ffa00972b7da86b4dc99814bccfc23fThe encryption scheme used by Mikrotik's Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as full decryption of the terminal session. Full write up and proof of concept tools are included in this archive.
d0d1affb518b37657fed9af631a57aa3813a11d020ea75cb33748ab31aba0ae0Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'username' POST parameter in the 'login.htm' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session.
41ab244aefa7fced98821ec993549932a6899a590c057be0463567b385b9e724Mango Automation version 2.6.0 suffers from a user enumeration weakness vulnerability.
537cc8a30faefec691fd5f8e0974b8ccb201b1d73876b4069c8f983045648729ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
ce634473f825d0f57046db4dc9958352e6697eedb52ff14a9efa1297a55a6652Telegram version 3.2 suffers from a denial of service vulnerability.
90996d03212ed2c75f8fd0f227cfaaa7bd7b0fa0b0abb5f28d2eebcc8b3de810This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aacThis Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.
f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.
7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9fX2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
3ff64763cff039036ce49876b8feba0377dcadb9b0e71850c458529d2d4b3ba5X2Engine version 4.2 suffers from a remote arbitrary file upload vulnerability.
b842c998e5a3f61c7b50acdb164aa108cc409599a2d25d457a9b76687828ed94X2Engine version 4.2 suffers from multiple cross site scripting vulnerabilities.
9218f813f4e812e5120771140043ffecf041e066c73fa20c5a290b1140989be9The Good Mobile Device Management solution suffers from an insecure application-coupling vulnerability.
af107c97cd4d7d4de1c924959092ed0c56c2cc5541967d7bdf9e2c3dfe46fe34VuFind version 1.0 suffers from a cross site scripting vulnerability.
e11f4bce9e7156498d91762f5acc3c7dc73d048e47fec232b6e4c2456ec7e884Junos Pulse Secure Meeting version 8.0.5 allows an attacker to enter "secure" meetings without knowledge of the password and the invitation link using the java fat client (meetingAppSun.jar).
72d0987702534e4b644e0f7014857caa8cdf81f311cef5ea5fd171580871e68d4images versions 1.7.11 and below suffer from a persistent cross site scripting vulnerability.
09e7891c4a718461553424bee020d999e8f3b300137a5d41b358f57adf5a4e6bFortiManager version 5.2.2 suffers from multiple cross site scripting vulnerabilities.
b71a9650569b9edc2d13b4e02474212f0456beb9b05798f1f01f8a68e014b2b7SMF (Simple Machine Forum) versions 2.0.10 and below remote memory exfiltration exploit.
839a2e92d517f7cb38a35ae0c372edcf59dfd86ed247215c387c6d6b12bf6316Due to a server misconfiguration, customers of Unified Layer suffer from a remote shell upload vulnerability.
38bbe1895961c77f3c46b4f57c4870d647343451c3a8616690b2f3361d104493Flowdock API suffered from a script insertion vulnerability.
ba260a05957e34276837655ae4846ed931f035bdf3bcdc1cd399b333cb422879Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability is is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1bUltraEdit version 22.20 suffers from a buffer overflow vulnerability.
adcf8a3d5f0c3748dac9b35b34f0d3539924300c71ddb8aaaa96180e87d99490WiFi Drive CR version 1.0 suffers from a file upload vulnerability that allows for malicious script execution.
6f4c0e90400ddb9bc62a317bbf688b4b45f93981ac1ef7a4dd8e7ff43d6ad413
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed