Open Web Analytics version 1.5.7 suffers from a cross site scripting vulnerability.
9826ef468507dad63ad72b499b5f63fa30e841d17b63f398c4f0bb78be5d5099JSN PowerAdmin Joomla! extension version 2.3.0 suffers from cross site request forgery, code execution, and cross site scripting vulnerabilities.
52695b93ab343b3468cd352906fc52305c66d72e1dc525d9bcd653d77d405702WordPress User Submitted Posts plugin version 20151113 suffers from a persistent cross site scripting vulnerability.
ed9820128cacf907158c375e09ab3a252f3645fb8fed827c1e752230a084a0f8Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37In certain kernel versions it is possible to use the AIO subsystem (io_submit syscall) to pass size values larger than MAX_RW_COUNT to the networking subsystem's sendmsg implementation. In the L2TP PPP sendmsg implementation, a large size parameter can lead to an integer overflow and kernel heap corruption during socket buffer allocation. This could be exploited to allow local privilege escalation from an unprivileged user account.
4e8facb5af3635bb5a75286e2815b09aff43b1be7ba523d3b34d41c5a7c53bedA crash can occurs due to a heap-based buffer overflow in the ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
a7fdbcbd73763761e1e07330bb5c8d3c8ae31713eeb2d4a7465c6ef3bbf98840Ubiquiti Networks UniFi version 3.2.10 suffers from a cross site request forgery vulnerability.
ce6b8f6b7d6df9b959e6dc54e07373ec0465accd0d4c1c0b4ce70674fb6f11ceManageEngine Firewall Analyzer version 8.5 SP-5.0 suffers from multiple cross site scripting vulnerabilities.
358c9090c7ae34b10cce327c19668cc4988fd2e24d1d402f559975a3cfdbbf06GTA Firewall GB-OS version 6.2.02 suffers from a local malicious script insertion vulnerability.
4cd215368c415a6cbaf6fb3acfa8229e1e2cc4e04a4c7a02b548cec34d49bd1ceFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the message attachment.
85f17b5db889a6f5d1dc69715ae65751c63987fc043b34df2c9e9777cc172f26eFront Learning CMS version 3.6.15.6 suffers from a persistent cross site scripting vulnerability in the forum functionality.
6cb381140d19e5e549ed59d0d3373cadd6f8e834f072df94ed2fce950508a98cInstallShield suffers from a DLL hijacking vulnerability.
4c5735bf0c7180106c89369ae626f03213246d7d0d90f51d7b872e835b3c3bf3WordPress CSV Import plugin version 1.0 suffers from a cross site scripting vulnerability.
863e1032d1640aebfa24c19da831a78051d93f4903b0e68a3c869f3afc793193OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.
733a8d04f8cafa6811d950b5abe8bdd81bee1de0eb014f68a90053b49909b05dWordPress WP Advanced Importer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
1b8f7c393fd5bfcc67c14b8eb5c2d1f72de2983a7826ed9a0b7c4695eac37754WordPress Extra User Details plugin version 0.4.2 suffers from a privilege escalation vulnerability.
f1d6b143ddf59b28109375dabf804a5de16504ba3016c474fc3de3e0ca85578dWordPress WP Ultimate Exporter plugin version 1.0 suffers from a cross site scripting vulnerability.
16c004fd9727443274406df89a6cdaa87f63fc7c1c2bf00b8e278750c2510f74WordPress Import Woocommerce plugin version 1.0.1 suffers from a cross site scripting vulnerability.
e1ebdab043cb433b08db920123aaf672c2c38a141cbaf95f44e861dc3301583fRozBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
cd128fdb0719f9f0a5fc9b56517fee549a3bbce6ab7f755891643664f2240a7cCompass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An attacker is able to create a link that, when visited, will redirect the user to a website of the attacker's choosing once the victim attempts to login. This allows, for instance, phishing of user credentials. Since it is the victim who needs to visit the malicious link, this attack is possible for unauthenticated attackers who do not have access to the affected websites. Versions 9.5.5, 10.0.2, 10.1.0-Xpress, 11.0.0 through 11.0.3, and 12.0.0 through 12.0.2 are vulnerable.
88f9d412f3d250d135b3a6b3b9f26c0dcfeb53a8228338a90e7281309a6da7e9WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from Http_only bypass and session hijacking vulnerabilities.
22fd62241b10270dd006f36d68ce4d0d900367987d8d02ce551d856593396accCore FTP Server version 1.2 buffer overflow proof of concept exploit.
e51b115e282e22f8eb70f8926781e1be7f647f3ad859e91402bf0c87c5d703bbA crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
a9c690614b625bb6e5172e86cdd465b90ff09e43557968287968a407281a00ebA crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
cc44a554664cced1126d7b0eefa4b8b8ae37e321ffffa876f3e526a0ffcaef9bA crash was observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark.
c861f9e59caf134ae57436cc31633c01b724e7061729a02b6ad1d5423e02767b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed