JobScript suffers from an open redirection vulnerability.
e346964b5931d627f76776af0fec044f2c71e336366251548304f0d59283e2f0Calliope version 2.31 suffers from authentication bypass due to a remote SQL injection vulnerability.
85b10f367e99494fdc1e2fff03f4010816dfafd1b727faab0b01577307e01da3Annuaire de Salon et Foire version 1.4 suffers from authentication bypass due to a remote SQL injection vulnerability.
211270e8c5b25f157973aa76d5f87ef7631f0e04c60010dcfacb6b9acb263ebfSitizy version 2.0 suffers from authentication bypass due to a remote SQL injection vulnerability.
368b7c6cc8b2c621763042755f7a7af6bfa6b288022f19453090568d7e7c23dcTorop Tourisme version 2.0 suffers from a remote SQL injection vulnerability.
f993e7d991635981f6e04e07467d842f33ccd0f70d0bae57982817e3e54a7135ETAP suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Authenticated Users' group. Version 14.1.0.0 is affected.
1367964c70458bdbf8463029dfa389212fb4ad8f6ffd3291411ff5d82e8115f7Collectd-Web version 0.4.0 suffers from a cross site scripting vulnerability.
677f1e138f0fabb145e534d65964d3ca14c126d42cb45b63a3c352e5b9a2b25aPostfix Admin version 2.93 suffers from a cross site request forgery vulnerability.
c36bf42d6746cb09cb01c495637ea7bc269111f9cfcff5161901216a53a69331WordPress Brafton plugin version 3.3.0 suffers from a cross site scripting vulnerability.
3892ab1d003f41f07168502f9e5f6aef23d2da0523045619b7f5cdae1c604776Tuninfoforyou versions 2 and 2.5 appear to have a backdoor account of admin/admin.
e46b27b7198cf9427028f5400fd6095baf51d940716b313d1a1589f28aee6a8eVirIT Explorer versions Lite 8.1.68 and Pro 8.1.68 suffers from a local privilege escalation vulnerability.
99e7b9f6307895078411a34926f56ccf4cf7a8402380f92d3b0c10f55187df4eSAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability.
db00019357db1804ffea0c5ca76cb4f4042f6423e57de6a275761be682393508SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability.
ff32f8dfc483575f12d9638b631629d9ab8b592d1ff7efb0bb98169a0fa75462TYPO3 versions 6.2.19 and below and 7.6.4 and below suffer from a cross site scripting filter bypass vulnerability.
074a8b7081e6012807149a3a08eae83a45695bd2a613d575b6326428f2509193LG NAS N1A1 version 10119 suffers from insecure direct object reference, SQL injection, directory traversal, arbitrary file upload/download, and sensitive information disclosure vulnerabilities. Full proof of concept exploit included.
139d5541d3893fafb2b210fa4aee32b765e26956f437ba541403c289104e42e5Magento versions prior to 2.0.6 suffer from an unauthenticated arbitrary unserialize to arbitrary write file vulnerability.
aabdfe5b303d6f19ce1fc498c50679f141c6beebfcd6c15c192c8f28b94a86a84digits version 1.1.4 suffers from a local buffer overflow that allows for privilege escalation providing the binary is either setuid or setgid.
818b7cc163a17f93ba734876b24e2a24d385192108de436e269ae066edffd90aTns-Voyages Script version 1.7.1 suffers from a remote SQL injection vulnerability.
45bae1c6424f2044e6cc1f4b9970750ce5fd63fa497308b038f82330f0d107b7Cisco ASA software IKEv1 and IKEv2 remote buffer overflow exploit.
ff7023ee70394960ee524b25e81f0bf3bfee1b58abcce9f15123fc266a4510c2This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog (all models). This vulnerability allows extracting Administrator password for the device management portal.
b5a443a5fc418686d9d3ce0d8492afebd3f170b8a108d1cefb5fed42ef7ba2c7This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.
46eef5e2e82adcace1eb86cca34fa1691dfc435af8857a0821e91b120976f5fcWSO2 SOA Enablement server suffers from a cross site scripting vulnerability.
31d43f863469f43424bafc72bcd4ad822cc16db33e6a9b0bf7ffb2914a174118gdi32.dll in Microsoft Windows suffers from a denial of service issue due to an attacker controlling the Size argument in the gdi32!GdiComment() function.
db43b8cce7b5a88cf1f306d6bddb776823d2c0be5e51d507cafc7cb1aa4aa006gdi32.dll in Microsoft Windows suffers from information disclosure issues via the EMF CREATECOLORSPACEW record handling.
ad702dbd1e8d3499b0b0400f710dfb2273a51ad44f2be032b45acb14922319f3Symantec / Norton Antivirus suffers from a remote ring0 memory corruption vulnerability.
21cdf1867131c9fd3d343f392430fc0eb800cce0626266748dac5dd7851a01d4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed