Joomla Huge IT Gallery component version 1.1.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
120e40124b2650bf6bce6e60a521c443d54b15ebf39bb3e4eefcfa1bddb21b44The Joomla Weblinks component suffers from a remote shell upload vulnerability.
43c2692dbcc9023249dc7dcc905354ee474b5b51e10fc0837f5a1f16ea956d50Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.
a6b400b8f7febcf337e4f3b6452bfd2ec96d9d6edd9c6329679e50b857c3b896NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.
ee955b7a52b2b1e4a0cd6baef82904dc7cfb28e310abaf3166325756dc708c3fThis Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.
1140a40daee90570960cfd7f3c6d5cd7ddfbca7468a85535b18619b259be1089This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.
808ddc4f2e9d4a40b867ca92e98217e9170d718d92040b6e9e8b3c8f3b5a6144Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows deployed as part of AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
55ddb2f9d5c796a92a54f5b0955345575e3f554eb0f7b54edbe97bbeacde61ddTeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.
a6f938983c6627ce76219ba9164c73d23d86783ad91a0f97d30fe23dfba8b5cbTFTP server version 1.4 WRQ buffer overflow exploit with egghunter shellcode.
a30f7f90aaf3e52cc92f8023f2b71bdf8d949aab32bd3f9c15ff00525964c1e4This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This Metasploit module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.
c6c0be3f72ff30a42cf8f8c8dcd4baa257f0bf6daac321668562e0a213562cb5UPC Hungary devices have the same administrative password for all devices, send it insecurely over the wire, and also use telnetd by default.
9e0e33c17bc41fa8dc76d5a50ef735e96f09bdd73c9fadc26ee098ec11b32761The Technicolor TC7200 suffers from session management issues and also uses a fixed password for backup file encryption. Proof of concept code included.
7a2e8ac2ef48f60614987fa552f45f98556917682e70c63df7742e5ad41f458aWordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.
a5f0af318f11ee0e790f9fb5900db8a34e7b925b850843f7eeed1f9c5e73b2f8WordPress Paid Memberships Pro plugin version 1.8.9.3 suffers from a cross site scripting vulnerability.
a5bb4dd7ef4da835e85ed1825882e67fe68468fd012001d45be5949f94701a2aPHP versions 7.0.8, 5.6.23, and 5.5.37 suffers from an out-of-bounds write vulnerability in bzread().
7111a3aeb099e5121e1419ef1d6496905a8379d4ecf9926707c9684242505445The Compal CH7465LG-LC suffers session management, denial of service, unauthenticated configuration changes, and command injection vulnerabilities. Proof of concept included.
5d06e5b58ccc73b68e5bffdbf0373df8bb1bc1f24567e7cae58f2a5c6f1b02e6The default SSID and passphrase on the Cisco EPC3925 are derived from the MAC address and the DOCSIS serial number. Since the MAC address of the device is broadcasted via WiFi and the typical serial number is within the range 200.000.000 and 260.000.000, the default password can be brute-forced within minutes. Proof of concept included.
6072b1ec30864428a22619448d2693155647c1a284a3e7a6e034187b98d0048eOpenSSHD versions 7.2p2 and below remote username enumeration exploit.
2f182c8354b3885f9f53dee4dfd49de6b64a388306dc36b6cf716adfc0ef8ac9A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.
1653be97a06d0c2cfb3b03919f6fc2b0e26ba7129144b78467d3acbf64b1587aWowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 4.5.0 build 18676 is affected.
2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified it is automatically applied into the application with newly created user account. Wowza stores sensitive information such as username and password in cleartext in admin.password file, which is readable by local users.
6aeb40c49c98f54885a81500ea883a8c18636e37e6a4106edc674c11c35d726cWowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.
62f01e79af598b0742b989b77d2439edfb0e0bc768e7e6c6f6a1d2e4736744c2The Wowza Streaming Engine application suffers from a privilege escalation issue. Normal user (read-only) can elevate his/her privileges by sending a POST request setting the parameter 'accessLevel' to 'admin' gaining admin rights and/or setting the parameter 'advUser' to 'true' and '_advUser' to 'on' gaining advanced admin rights. Version 4.5.0 build 18676 is affected.
6dff3829d868f5291d523f9273d16a035430766d14c73adc9a0bea44fd2a9c99Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group. In combination with insecure file permissions the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software. Version 4.5.0 build 18676 is affected.
d540e3f2fcd68f2e6da510dff4fc2e5afbf1649659c608d2f1f24e39cb9e934cWordPress Video Player plugin version 1.5.16 suffers from multiple remote SQL injection vulnerabilities.
e466846931ce435c89ed6a17e672eaf0b4818880fd543e1016bd3f3bc4de6f26
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed