Dimofinf version 3.0.0 cookie SQL injection exploit.
ae127634dd77d4b81b85ee2ddebae17c44d195b88e620121ef01740d5ac84f53SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.
763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.
b5a92464ff47c770ab76479c835e0239d3e5db4770ef988ae3b50741e8e7356cCeloxis versions 9.5 and below suffer from a cross site scripting vulnerability.
0ce327191126fee2975846ae4df13c4f34768a717772e1666d36b2e5d8b59286Apache Flex BlazeDS versions 4.7.0 and 4.7.1 suffer from a server-side request forgery vulnerability.
0005b6103d499d01523afeee675b0ec07725b42b1b1468d91a6d3b6c8f9096aevBulletin version 5.x suffers from a code execution vulnerability.
8bae9267f14bc87a02271f45d06cb5b550d1a16db3443ab464810a2e31344f2bThis Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used to login to the Joomla administrator backend. By creating a new template file containing our payload, remote code execution is made possible.
53518655f45dd51e0502900828af9b020e75d493ef442b649696eaac77fb78b1ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
f638139811112ec6d7f34ff1e8acef146adf3549a65b832da61f1755c75c498dZTE ZXHN H108N R1A and ZXV10 W300 routers suffer from path traversal, information disclosure, improper authorization, and hard-coded credential vulnerabilities.
2735f65d35edc3931a3eae6069d85013b997afb9f924b5865ac99b6d29c02f0fAtlassian Bamboo remote code execution exploit that leverages the java deserialization vulnerability as noted in CVE-2015-6576.
607a629353c90b0d484735e431ce673d9f7f7ae92d4516f5a50546cb0b881ca6Traffic CMS version 1.4.x suffers from a local file inclusion vulnerability.
624c98b778717d19759cfb903dc4a9bfd8c1114710a9bd101578150c371516afChkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default.
0747e7950fe687c3ab16c47390e8715755184a47efb63dffd00b15a5ba393195Cambium ePMP 1000 suffers from a remote OS command injection and privilege escalation vulnerabilities.
f3f71e560f8ee614e20bf5956339837e20028c8d5053172f3eb99639d547b9e1There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere's an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff window.
7dd26a5b0e5074777454a033d2a5cf9abf8079a2604f2b566807914eb6911c4bSuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.
faab1615119f9b0f7d4655030b73df369c1177c71211dfa8835d2279b858b83dNetwin SurgeFTP server version 23d6 suffers from multiple stored cross site scripting vulnerabilities.
8a738fcf73b0741fa19ac83402727e9db5fc3288bf5f2c65355a00eec7780e86The Help Forum on LinkedIn suffered from a cross site scripting vulnerability.
2a9bd1ced4f661fb3399fe7cdf77a6afff11cf4a90862e613b8e31b764cbbe69SHAREit WebShare version 2.3.80 suffers from a cross site request forgery vulnerability.
490d8d74a088ae1e4e4d195dd7241004c00b9d1b1902cad5c9bccb3ab6cd3669This Metasploit module exploits an authenticated privilege escalation vulnerability in the iControl API on the F5 BIG-IP LTM (and likely other F5 devices). This requires valid credentials and the Resource Administrator role. The exploit should work on BIG-IP 11.3.0 - 11.6.0, (11.5.x < 11.5.3 HF2 or 11.6.x < 11.6.0 HF6, see references for more details).
f329ba79799be3587e190db0a03ebd17f524e5bca267576582b6c1d628f1c3ceIBM i Access for Windows is vulnerability to a stack buffer overflow denial of service vulnerability.
11b7e54cc3e17a00c343563a50236ca59bcf4030efc0d0a5c7c6a895e9014571IBM i Access for Windows is vulnerable to a buffer overflow. A local attacker could overflow a buffer and execute arbitrary code on the Windows PC.
c580fc339b55fe7d4d1b8c410eb204c7360f55941a779e5f137933f2389ba06dHorde Groupware version 5.2.10 suffers from a cross site request forgery vulnerability.
c4fc067423fe364eb06a86f8f53f8d241025ebcaec8ec8d5e2dbc2baea883140Adobe Premiere Clip version 1.1.1 suffers from a filter bypass vulnerability.
51ff395ba796da8216a974270c7449690e7f1776d4051a48b6068c307b81af02Zenario CMS versions 7.0.7c and 7.1.0 and below suffer from a remote code execution vulnerability.
5f5fa492d07b379d353348483114df240fb9fd248fc6a68f0cf87fbfd453f295WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability.
f4e18695ac4a2dc4e8ed14fa0c0404f778a68636ebbcfff81a444eeb1f0669e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed