Graphite2 suffers from a heap-based over-read in TtfUtil::CheckCmapSubtable12.
58c3fb7cc8d374ea523d5d1fbab1d2bd4a2884405f2abe2286fb3debc7650ab2Graphite2 suffers from multiple heap-based over-reads in GlyphCache::Loader.
127c0edd9c9f390519bd49f2ac51e2b3b0141cf51884c49eb448cc2ef3f5bf76Graphite2 suffers from a heap-based buffer overflow in GlyphCache::GlyphCache.
2a0c07f2c58d2e743b626408cccb90b11cded9b5fe12088cbc47e41ea0aa7570VMWare vSphere web client versions 5.1 through 6.0 suffer from a flash cross site scripting vulnerability.
c8bcafc14366eb011661d7807d12b5eae2d46687efbe3ab82c1bfd0c94794b23PHP CRUD version 1.4 comes installed with weakly protected backdoor accounts.
afbdbdccb8b0070e88719f96bce319853dcec0ef7e570a7a2e94806aad01a7d8Teampass version 2.1.25 suffers from an arbitrary file download.
3edaa0800807b1b4d192d83a6f21a5419b3a9c8e2a27038d5ad01c3ecbf88d59Teampass version 2.1.25 suffers from an unauthenticated access vulnerability.
fecc638060588bca639b8060b787f342bada3e6c58c51e9584c086a6cc319278Open-Xchange OX AppSuite versions 7.8.0 and below suffer from cross site scripting, open redirection, and argument injection vulnerabilities.
be81227b99ff680bacfa0f6ca34d199f06524971f330e92cb21190ca6a661f2fdotCMS versions prior to 3.5 and 3.3.2 suffers from an email header injection vulnerability.
8a2aa086022ce89bb40306dc783a8bd835f0e4f8c1d80ad34fa487953fa9ea7bBugcrowd's web application suffered from a filter bypass and malicious script insertion vulnerability.
0319346452cc49b60abff62b532b7229e6158e1cfd2951b03b793951d0f38e0eDounia Creation version 1.4 suffers from remote SQL injection and weak default password vulnerabilities.
86d6f70b5e494f3c5826be9dac233fac905a3201a90ce9a807f69878d5a9fc37This Metasploit module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
472df2245622a97749e8706f2ba968606decb46822546f51bf7cc6c5391ad65fThis Metasploit module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorized_keys. FYI, /etc/{passwd,dropbear/authorized_keys} will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSIST_ETC is true. This method is used by the "mf" malware infecting these devices.
bb35dd847b4006bfddf6670aa0099dfa601022d89cda1ae234b032fd32276366PowerFolder version 10.4.321 suffers from a remote code execution vulnerability. Proof of concept exploit included.
0f0efada160c1447152adc09401bed6a535c764c9ce9e56f17fa7b105821aa98AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.
285a356df0342917c10949047f0e7a8de20316652b88f7502badf4e23df2d5c3XenAPI for XenForo version 1.4.1 suffers from a remote SQL injection vulnerability.
7c3a37ee9ac8d2b769a495f772ba61c0683b07b2341e2500844b324ffac74676MediaLink router MWN-WAPR300N suffers from multiple session related issues such as not being able to logout and sessions do not time out. Insecure transport is another issue.
d083f82d3886c34b608717c7e62cbdb88123448dd50ef58ccf95bfc5317898ccThe Infobae website suffers from multiple cross site scripting vulnerabilities. The author has received no response from them.
7d27834c41218abe78f74ed25b1687903fade4c02f0c42f10175989c165ee7b8Whitepaper that discusses how Cisco IP Communicator only uses MAC addresses for authentication allowing you to spoof other callers.
5fa6355a4e3c274a002436a52e827eab9e6cbcae0ca0402c3a1c6a7211bbcdebJobScript suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin-ajax.php' script thru the 'name' and 'file' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php' extension (to bypass the '.htaccess' block rule) that will be stored in '/jobmonster/wp-content/uploads/jobmonster/' directory.
ebbd14e9080ce7820b95b2208012010a9a83d14e9f97841c699bfbe6706716abMultiple ETAP binaries are prone to a stack-based buffer overflow vulnerability because the application fails to handle malformed arguments. Version 14.1.0.0 is affected. An attacker can exploit these issues to execute arbitrary code within the context of the application or to trigger a denial-of-service conditions.
1099aacf1bea150f3f5b0d2b083815b5b9639cb8d176966b60c20e6f33f2bd28Linknat VOS3000/VOS2009 suffers from a remote SQL injection vulnerability.
0ae3413cc36311b832cc800fbc0fe838b41fbbf707073fec1c0d8e500feaeac4WEBONE CMS version 6 suffers from a remote SQL injection vulnerability.
c586691bbe7c33c05e24864f607a414bcaba8a51ae9fa8aebc2051a54ea0e918AMSS++ version 4.2 has an admin/admin backdoor account.
3d053d75fc4e79afef02a50a644a8e6cf4a9f111809a067ec8973b5ddf2e0fbfLws-Construction Management version 1.0 suffers from a remote SQL injection vulnerability.
c36d0e7573f5f4c6286e5bac90efe9861de5a2a98a92164fd1b110577fac9378
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed