Chamilo LMS suffers from a persistent cross site scripting vulnerability.
bc13f65de0792bdc1e2bb9fd29ab0d6fdffa9843148374f7b6d135c76354780cChamilo LMS suffers from an insecure direct object reference vulnerability.
45ca288b13f7415dfb28d2c6c6aa16e6f8a5baf6d21c4e8d7a1a099587d9f341Investors Application suffered from a client-side script insertion vulnerability.
31b0a0b759a2c2c22be39be00d0d6a5f2c966fb77f6eb6b664a25e861da3f5e3Prezi suffered from cross site scripting and open redirection vulnerabilities.
a9272aa1383aa28eef7ba0439aca2188d07e11e69f869dfc892626f1450eac10iFixIt suffered from a persistent cross site scripting vulnerability.
61832184f77e03ab41094e0f543daad18e092a25bb0e0f4885e0fa9dbb5d593aiFixIt suffered from a persistent cross site scripting vulnerability.
298e8300b75f167cea651ce178b15c762d1853e337ce965c048f7d2cfd7f991bSTIMS Cutter version 1.1.3.20 overflow proof of concept with SEH overwrite.
7630dfcf1c23685d5ff746caef2a3193e9af63121e6307de11d7b6a33841ebc0DirectAdmin version 1.491 suffers from a cross site request forgery vulnerability.
46c874ed2505a5df8e83a213d020c5a1bde6cce21994c9b4f390cc5cf69c4532WeBid version 1.1.2P2 suffers from a remote SQL injection vulnerability.
4c445d18ff897468b32229c61b93169d17ee6ba88ec405da9f786b7a7906b6fdwebSPELL version 4.2.4 suffers from cross site request forgery and remote SQL injection vulnerabilities.
2291468cde58eae41054890b9e25d4217654ae9d0f8b7b9e749e1192bdcd7e44DOKEOS version ce30 suffers from an authentication bypass vulnerability.
e0d80f4d11e0f37a08bd45c5adf3616f68bc949b8f350966e67ed9a9b99c6a86TestLink version 1.9.14 suffers from a remote SQL injection vulnerability.
91d1c80956419cb3834dcfcd444983fe9cb7d79deae450a0f99e91da4a1bf961Osclass version 3.5.9 suffers from a remote SQL injection vulnerability.
1873a8e1196208b1b465380f46ad84e72520251b671aaa4c7dd577b9cff925a1osCmax version 2.5.4 suffers from code execution, cross site request forgery, and local file inclusion vulnerabilities.
4ad8190811bf2819eca13b86515ec3b6f35acf38818dc02e5c40e799d449f463osCommerce version 2.3.4 suffers from cross site request forgery and local file inclusion vulnerabilities.
0590c4c85647c5c0a02e877aee9bff53f2ee293542d8d20f50cdb9048d52be0fComodo Internet Security installs GeekBuddy which installs a weakly secure exposed VNC server.
3d2e073c1d6d171f88727d9420abce1904c883acad79c0452fffab5ce7a41451Umbraco versions prior to 7.4.0 suffers from server-side request forgery, cross site request forgery, and cross site scripting vulnerabilities.
20bc965b21baa931f940d7ed6d8a9e9f44777aeb1ea263df14aa21c1cf9f5104Vesta Control Panel versions 0.9.8-15 and below suffer from a persistent cross site scripting vulnerability via the user agent.
d430afd4621b5d62dad4b70ffff8d6258610f314f51abde198f22b3b9841fd8debay.com suffered from a cross site scripting vulnerability.
a29879e61b3488fdba8438c12dd745e034bbd5c2a76b31866e02d794bf818ecdThe Cisco ASA VPN Portal password recovery page suffers from a cross site scripting vulnerability.
eb2aac6086f4bb061f2a2742410500a3e2ba73666fb36027d37e43f8e424ecfcThere is a type confusion vulnerability in the TextField constructor in AS3. When a TextField is constructed, a generic backing object is created and reused when subsequent TextField objects are created. However, if an object with the same ID has already been created in the SWF, it can be of the wrong type. The constructor contains a check for this situation, though, and throws an exception and sets a flag to shut down the player if this occurs. The backing object is then set to be of type TextField to avoid any modifications that have been made on it by the constructor from causing problems if it is used as an object of its original type elsewhere in the player. However, if the exception thrown by the constructor is caught, the exception handler can create another TextField object, and since the type of the generic backing object has been changed, an object of the wrong type is now backing the TextField, which makes it possible to set the pointers in the object to integer values selected by the attacker. The PoC swf for this issue needs to be created by hand.
89244b28a4549217c3946663d62b8133ad186a92cdb4285eeff70e6a18cdb172There is a dangling pointer that can be read, but not written to in loadPCMFromByteArray. A proof of concept is included.
6a837aeb0f69779cabe3ac91d53929ecab287b6e562f832a1364d2e7e1364980There is a use-after-free in LoadVars.decode. If a watch is set on the object that the parameters are being decoded into, and the watch deletes the object, then other methods are called on the deleted object after it is freed.
fbe2ae5d15b3901564ae333ef65dc05ba1b8f150b143e8b0a87296c853c3503aThe included file causes a crash due to a heap overflow, probably due to an issue in ATF processing by the URLStream class.
31320a678e0ba948912307dabf47b9cca5c8ea878f23514c24959ad680fe11f2The included flv file causes stack corruption when loaded into Flash. To use the PoC, load LoadMP42.swf?file=lownull.flv from a remote server.
74d667d649a7d045b24409e6c7c68eeea9f6f1cc6f03497a67ed1756ff630172
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed