Pentaho version 5.2.x GA BA Suite and PDI allow unauthenticated access to configuration files. The GetResource servlet, a vestige of the old platform UI, allows unauthenticated access to resources in the pentaho-solutions/system folder. Specifically vulnerable are properties files that may reveal passwords.
0888853ff4779b5907a0ff21cd8ea09daabbccf2686a3c59adcb64e634280c5eAdobe Reader X and XI for windows suffers from an out-of-bounds write in CoolType.dll.
94d511f0b5c52532ba8c4998f0ae71bb9ef6d1788cd193c33ea257be138b259fThis Metasploit module exploits a default credential vulnerability in ManageEngine OpManager, where a default hidden account "IntegrationUser" with administrator privileges exists. The account has a default password of "plugin" which can not be reset through the user interface. By log-in and abusing the default administrator's SQL query functionality, it's possible to write a WAR payload to disk and trigger an automatic deployment of this payload. This Metasploit module has been tested successfully on OpManager v11.5 and v11.6 for Windows.
a79de46e68665e018fab0af3d172ef7ef23237f7ecabbe88fc9626f647f5e3fbThis Metasploit module exploits a pool based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by the hacking team and disclosed on the july data leak. This Metasploit module has been tested successfully on vulnerable builds of Windows 8.1 x64.
77f570082717ca7a50c0ff94d4b86df4d4f4ce8665ab76605a5070e55c1c8de3Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013.
55d8209e7983e84bd1e4c26a7391e903dbc491657d32f7b08b0c81b8bfb845bdZen Cart version 1.5.4 suffers from code execution and information leakage vulnerabilities.
f8866420a805576431fdb7207fffbcffe85042c52e1e73441a6a07ace4451ca4Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.
1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21ZeusCart version 4.0 suffers from a remote code execution vulnerability.
c35ab718390825f8b42f8a4a4483a7f60476a0d3121add71c4e3f568df585ddaKirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308Anchor CMS version 0.9.2 suffers from cross site scripting and open redirect vulnerabilities.
e345f208ad4f6300729da8e9a40758c596baa7f9ad94e75c290b7ba80e732facZeusCart version 4.0 suffers from a cross site request forgery vulnerability.
771519055f7e723be693a425f66ab32548b118fc59d70388e3cd5e72b4f840e3ManageEngine EventLog Analyzer version 10.6 build 10060 suffers from a SQL query execution vulnerability.
e43184b3c2e6936208082a4f3f3c97ec7847e32991323e490bc64eafefc58612ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.
14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93eWordPress WP-Shop plugin version 3.4.3.18 suffers from a cross site scripting vulnerability.
8e467f8310d520fe065b659a6179c67ab26cf7b583939831ed7067137042878fZeusCart version 4.0 suffers from multiple remote SQL injection vulnerabilities.
697b97adaa89ee192ed007e1190e65eff68e799ae2b4593d76df1864548cf546ZeusCart version 4.0 suffers from a cross site scripting vulnerability.
a49dd4dc54a291a941b5050448afff0a8a1e9910a1cc60b6e4989cf537ec3d2fWordPress xPinner plugin version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
ded312a6c8bb5a97b7c6f891d95948a49bec9979cbf517dfa78db5d3bbfb8ffdWordPress ALO EasyMail Newsletter plugin version 2.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
628f45f98d4906b0043d836c1f0551d2cdbdd07a8f25c25fa382bfc7a8c259feOpenfire version 3.10.2 suffers from an arbitrary local file upload vulnerability.
9bbc2cebd3d2a5c0af9f8145639a60edfc7679671c36818bea30a904f354de53Openfire version 3.10.2 suffers from a remote file inclusion vulnerability.
42d00b974b618b394bb65bef054e40ef398527d83f5473a5f341a64105097b72Openfire version Openfire 3.10.2 suffers from a privilege escalation vulnerability.
e257b8429ed4723e276b4a9b5f4b3f5dec2c2b2f76d6cb2dfb0db104e297b19dOpenfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities.
5e15bc6f2c51349cfedc2d25ff91bba4a25bd06fc746b9b8e10eb08cc281cbbcThis Metasploit module exploits a vulnerability in Windows Media Center. By supplying an UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in arbitrary code execution.
36f8f8faabc51c32a42ca6984cb51015bf27ccf94c534e30071de84b20948429Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 2.2.4.
15b8b9a8f469ba064abea4de1e391d737d516fe28688c908d479e5b28dde98f9NC220 and NC200 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials (root:root) are never exposed to the end-user and cannot be changed through any normal operation of the camera.
75afdba7df6115f0fcf582aeaa5d0f0235301fc2dbb1e912b582b5293b9e51f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed