WordPress Ultimate Product Catalog plugin versions 3.8.1 and below suffer from a privilege escalation vulnerability.
26e16b8111d6776a483b80f13ec222d56319239cdae60821e333d1e54f5b61b3Skype for Business 2013 suffers from a user enumeration timing attack vulnerability.
dedc70fffc5ea2d07f68d69fbe8ae570b34e97daacc51b72c8224705bb509cbcphpATM versions 1.32 and below suffers from cross site request forgery and path disclosure vulnerabilities.
df0c2e8cdde4cef425a90d37b3280ca2ab7ba7b73bf71860018c5dd1ad11740fWordPress Gravity Forms plugin version 1.8.19 suffers from a remote shell upload vulnerability.
08f28d9eb0582588c81b63481ca58e5db3c64a1f7c6546c4b854f69d5d88da51With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11.
8d60da32ba3ba0db4a0f218c7ca375ed14206761ebd4594a313e25dd2ebe4eaephpATM version 1.32 suffers from a remote shell upload vulnerability.
bd06692dea631ae0422f2ca3b556ff56ffbb8f5f6d8db4dccba08d74b62429d9Tiki Wiki CMS Calendar versions 14.2, 12.5 LTS, 9.11 LTS, and 6.15 suffer from a remote code execution vulnerability.
4685c3289b13b709e9edc89b3d6c123f6e13f0a8d27d431dac59b8798f51c5d0Adobe Flash Player versions prior to 22.0.0.192 and 18.0.0.360 suffer from a DLL hijacking vulnerability.
f6c1e0db1cf0414a2c4e623656746bf18311c21d232ce0247945fb82f69047edThe configuration page in version 7.1.9 and below of op5 allows the ability to test a system command, which can be abused to run arbitrary code as an unprivileged user.
34a689b22e757960916b2b0af3d9484a9d86ebc2d53f95c0c172deab2122b07eGemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.
b6f5fa824af2472d89f14922b1eecb858b838bc8381d5dfedbce1270a4f00f76Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.
f0ee50dfb9961307792f4a00e338a077ffcc384ad59b75c9c48148eb47af0af9HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.
8f08337957222b11d4c4a443649d9ff928174b1dd9235eb25bb284e0dc7cb01dVicidial version 2.11 suffers from a reflective cross site scripting vulnerability.
470527fc33fccb2596dd91bd347a8e1ba1e96a9b5a7baa96273bae4002438f37Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.
9fea0de30ead37c21a774ad8b50ab697e88f3e051112390e3be85d2e599d044fThis proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.
b7aa281ca915adfcd3f0036cfcc5520eaeec49ed0e0bd9d5eefcf699d19dd4d5This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.
f04d7b9b1c0e9540acf78ea24f4a7cb1a5447a0d505993588c4d2ec4d70d0eefThis Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.
653e52256863e298ea027d1fbc2e93563d971499a730d085d1bbd98fa0c2ab72Roxy File Manager versions 1.4.4 and below suffer from a remote shell upload vulnerability.
85c837a12824706aaefba54d873df121becb48e231016a8e0f38d349a8ec7130Multiple ATCOM PBX systems suffer from an authentication bypass vulnerability.
8dfb3eca25689e91bfe4c801bf3df1163e8c3c7334d4429d6b0549a9c76936a3Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this mailbox argument to be malleable in this way, and it is in several places copied and passed to various stl functions, resulting in unexpected behavior from double-reads when an attacker modifies the mailbox name mid function.
f8a976a14646044c7e5586eef81525079a7a9db25b46316e0dc9807036d3e4bcJson2Html javascript library suffers from a cross site scripting vulnerability.
c1d9df792a2e871f24882a4c9e37dffb7c6ab9bfcbbc66857d3b9b1b97e24843Slim CMS version 0.1 suffers from a cross site request forgery vulnerability.
fd24e756bfb55998e55147903393b302ca7a56ca3ccd23276855b02bbf47239aSolarwinds Virtualization Manager versions 6.3.1 and below suffer from a java deserialization vulnerability.
f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6This Metasploit module exploits a vulnerability in the Bomgar Remote Support, which deserializes user provided data using PHP's unserialize method. By providing an specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i. e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.
698e0392eb6fd3200601379e4e3d239ebb1d4c3143e7663f8154566abf6dec9cjbFileManager suffers from a path traversal vulnerability.
a79015bbb00e588181d9b153f7cac50d3cf3b638872d17a01e594029c4e6e0e5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed