Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.
242036a885cccb63f5c9c28d79b7d7806419522622349b78f0a9c6bab6968a41Kaboozu CMS suffers from a remote shell upload vulnerability.
921cf556d06fbd1fafb21a2ca7e9bd50488762ff34afb615de39cc8e5c781207If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
c2857430db2e3817f2560860b2cb61ba6870519540ac7fa7ad196cee951f2afaWordPress Events Made Easy plugin version 1.5.49 suffers from cross site request forgery and cross site scripting vulnerabilities.
e6ab0dbf47bdb241ce59c3f77340e3954d08be8c7d28daeaaaa7ebea93f82c0dThe Google generic TLD and ccTLD suffer from an open redirection vulnerability.
2efe35fa05f198a9263df0eeaaff4d6930be6f1b639a8d847a7ef850f3ddfac4netis RealTek routers with firmware version 2.1.1 suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.
1405872cbefb8ad0515fc44e8e0836e72d1d1fa985cac7c55007bb96d1c5ab5aPROLiNK H5004NK ADSL routers with firmware version R76S Slt 4WNE1 6.1R suffer from cross site request forgery, backdoor accounts, and weak RBAC control vulnerabilities.
bdc0083d8c236287aee441dabe95d1060e8583de5c8dd2092287038176f12c8eKentico CMS version 8.2 suffers from cross site scripting and open redirection vulnerabilities.
bf5430bceca5833078cd3fe552102a9b71dee220b36ee328bc2bb05b17999e42CakePHP version 3.0.5 suffers from server-side request forgery attacks that can cause a denial of service condition.
884781604e0f231e38b3b0939d779f308df6b316c6f28e028451352741412abeFreemake Video Downloader version 3.7.1 suffers from a code execution vulnerability.
b623c67eaabfca25efa85965d5e34b9e469bcfc9ee711a03fd806765c64f6f52A session fixation web vulnerability has been discovered in the official PayPal Inc online service web application.
e7f3a2ee98a6007695dada23308a7cde55afed0433cc23d02597d45f4e47d928A mitigation added to Windows 10 to prevent NTFS Mount Reparse Points being created at integrity levels below medium can be bypassed.
77de79e37f40866083e8c10c779513ec690df8fde92d656febc29bcad4074191An attacker with administrative access to a Windows machine with UEFI Secure Boot enabled may bypass code signing policy checks by putting intentionally-malformed configuration options in the boot configuration database (BCD).
26f375acd642d0f9a494693710868f2ef1b4b3531080dc3e3f2ac06389128d71ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function.
94cea261bcbad285c0fb3b4900f3ab8150b00219d6b41f9594444e04f13fdfd8This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.
9e9a04cf21f31c1319caa6af694dd744146d5b671a3f719be244d3e2a6ee6426Blat version 2.7.6 suffers from a stack buffer overflow vulnerability.
21911e93027d280e190872f956f0eb12482a0f9573adbf3e42f6c5e7e8327a60This Metasploit module exploits open X11 servers by connecting and registering a virtual keyboard. The virtual keyboard is used to open an xterm or gnome terminal and type and execute the specified payload.
f1b0dc8c62d80ca9fecd0a8689754ee2bccc3af0a2306d4d4f393a3664ca9d0fBoxoft WAV to MP3 Converter version 1.1 SEH buffer overflow exploit.
561571e286c077c0bd3761ab7adc8e3d3959cac2361dc46d82248e0e858bca68Recompiling the regular expression pattern during a replace in JScript version 5.7 (MSIE 8) can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size.
de4b362c98096f2627ba422def8ffe6b298c4c26b1bf19a41b77cd41aab24c77Typo3 versions 4.2 and 4.5 suffer from information disclosure vulnerabilities.
964fb0833da0c5c9f1c07ef9adf90cc4233a7a258608fbfabc59b774d1d0f1a4MC Inventory Manager suffers from a remote SQL injection vulnerability that allows for authentication bypass.
762b87b209d0f911fb371c00cc13d296985ae347761194af1e3e4552c0eb8029MC Inventory Manager suffers from a stored cross site scripting vulnerability.
ef13986b8ebf906d0a7e05feeda7202f918d4ed84f7af20d81ed2db8b2c16e98K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.
b5b8d94a74d115a5d21dcdfab6459b1fc2f07d4bd3bbd269226449b06d053835Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.
f3141a360bdf7ee6e4a571e6ac07b4d6860453bfd2d2651ec97cfa7f9a2ae196The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using "Yoda's protector". This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.
3c3dd5acd1e83e6d651af0ce396c0ce5a329d99348391da8dcc96d1f2d9db389
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed