Joomla Huge-IT Video Gallery component version 1.0.9 suffers from a remote unauthenticated SQL injection vulnerability.
23591d1c5baab1dd97cf541e0e9530809619db9d2680fd8d0aa19ddcb03cd816Kerio Control Unified Threat Management versions prior to 9.1.3 suffer from unsafe usage of the PHP unserialize function, code execution, memory corruption, cross site scripting, and various other vulnerabilities.
c22171b8824d2b252b1a4ea012d4bc8d7cc2305a401acabe53ffb1f9885c3e3dMicrosoft Internet Explorer 11 is not following the CORS specification for local files like Chrome and Firefox. Microsoft does not believe this to be a security issue.
d427f830f768b41cde9f338a6e270c5ffdd96617add1cdcfb86beb27d8769480Silverstripe theme Newedge suffers from a cross site scripting vulnerability.
2ad7428ab78125654bb9ea68b2d4509003baf6277ff46bf667722791a214f490This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8.
ba9012dd4f49aefcf4379514160c82dc80f1785189dc8f95974035d6f73830f1This Metasploit module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the diagnostic console provides access to msfconsole via the web interface. An authenticated user can then use the console to execute shell commands. NOTE: Valid credentials are required for this module. Tested against: Metasploit Community 4.1.0, Metasploit Community 4.8.2, Metasploit Community 4.12.0
4f3bb48177d573f2d188fe4a2e93543cd54f1257e65865784c469730b1b9051bBT Wifi Extenders models 300, 600, and 1200 suffer from a cross site scripting vulnerability.
83936b94e6a31c5e450025084893cfe0398ef6c6e6db76f38eb0bae5f21ba3f2A malicious sftp server may force a client-side relative path traversal in jsch's implementation for recursive sftp-get allowing the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. Versions 0.1.53 and below are affected.
dfd3deafc8949119431558bc8219895f763a1d7d6a7b008eccb812e5d19ba8c3Symantec Antivirus includes RAR unpacking memory corruption issues that can lead to remote code execution.
9f57b2a3b52264e8df535a836560985566bdee33f433a00744602c523418b41fMicrosoft PowerPoint 2010 suffers from an invalid pointer dereference vulnerability.
5c7cd7d8e99b6f1f1a0d9fbb154e1948a7c293749f6d7b8665e48d59d78f8193WordPress W3 Total Cache (w3tc) plugin versions 0.9.4.1 and below suffer from a cross site scripting vulnerability.
fd336a5de820d4386bd67cceecd95849541d0a8251cd5a04277ce69a6823f9b8Exponent CMS versions 2.3.9 and below suffer from a remote blind SQL injection vulnerability.
3e237ec6c00af59c1ddbf878a77aa82dabfd991c656a7c28bd3a59c7ae1da0edVegaDNS version 0.13.2 suffers from a remote command injection vulnerability.
691f14f46448b114528c54e8b25a49d68c7140203e7d8634eb7318d2424b2d4aDolphin version 7.3.0 suffers from an error-based remote SQL injection vulnerability.
3f7601ff61e6c2a8e66c765afa277832197db4eb3fe1136bd295b5ff8d0e6de3DLL Hijack Auditor version 3.5 suffers from a stack buffer overflow vulnerability.
079daf2fcf5386a4fd101c08688706ca0b26eb047c680de68e2dcb012253f2f8AppDynamic version 4.3.2.1 build 57 suffers from a cross site scripting vulnerability.
f5cde956ddc6e0d21c9c246292f6adeeb00e7f88e875c634f3558a2a44267ec9ZineBasic version 1.1 suffers from a file disclosure vulnerability.
06b86484883fae23c8361309d9226646bad9cb8fbabb56cbe1ca5a708ff912f7ShoreTel Connect ONSITE versions 20.xx.xxxx.x and 21.xx.xxxx.x up to 21.79.4311.0 suffer from an unauthenticated remote blind SQL injection vulnerability.
5fe02891997443ded0a53a2ce816960a4a202cd2c141c914b517d4e640ef0545EKG Gadu versions 1 through 1.9~pre+r2855-3+b1 suffer from a local buffer overflow vulnerability.
aff59676a07ff154fa771cc294cbe56e8183978dc06b3dd5415de1f85a85f11eMetInfo version 3.0 suffers from a remote SQL injection vulnerability.
80cb6eb5667364f3286bbb37f303a6416c133be7473e6f3e36d2d33b71b91b40CodeCanyon iBilling version 2.4 suffers from a cross site scripting vulnerability.
d41d9e15c4377e6843aa40aa225587fee960487ca541dcbc3aa1522e730879d7ECShop version 2.7.2 suffers from an open redirection vulnerability.
e2a2b9bda2e63613dc12ca1dac19cb1a78d027e42940469e7b036872f2a9c921Coupon CMS version 5.00 suffers from an open redirection vulnerability.
5599af4764b8c21fc79507d31150a23d50bc62d02d88da4c361685c6f38e5470VMWare Workstation vprintproxy.exe suffers from multiple memory corruption and other crashes in the handling of JPEG2000 images.
edd5397d8b520f00253f4f9311dff71b9765d0e2c44fa145e57518fe92c73758VMWare Workstation vprintproxy.exe suffers from a heap buffer overflow vulnerability in the handling of TrueType NAME tables.
1d5414c24aa6efa04b7bd1a2dd19dca752085107658d72d462362ffb0de5eceb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed