ComActivity version 2.14.35 suffers from a cross site scripting vulnerability.
811f05821587559d1d5b5dfda3115d93ba677e4524b0e3cfec7d39332bac3a40Oracle Outside In File ID library version 8.5.3 suffers from a memory corruption issue.
9c8ae6dc6a9a6d7b3b12479fd7a07ef5b5ceea818473f03193e8c865a379ff34This Metasploit module obtains root privileges from any host account with access to the Docker daemon. Usually this includes accounts in the docker group.
21635da937bd87b43dde24314b9ad467daff6d045814c41f0388dc2c1020eeb3Oxwall version 1.8.0 build 9900 suffers from cross site scripting and open redirection vulnerabilities.
a4c32ba0454c27f760c02f058d4510e06c897d4884125228df497819f6da4eecMyBB version 1.8.6 suffers from improper validation of data passed to eval allowing for the disclosure of the database password.
3d6c1ec3482077a352cb0a1a11260b9058bbaaeece23cc1c48d42e8cd4fedab7MyBB version 1.8.6 suffers from a remote SQL injection vulnerability.
578a8a6a42f1e722099b1d3ca87e3226ef2457eef8e1c59405a504c20e3f5b73MyBB version 1.8.6 suffers from a cross site request forgery vulnerability. Additionally, it stores passwords using weak hashing and sends password in clear text via email.
351e86f1c83bf425eb67931e6cb7d4733f09eb3e132c0c56808dd7f55ec4eb09Kajona version 4.7 suffers from cross site scripting and directory traversal vulnerabilities.
ed67e0114d9c33fdd1a3636f58d44dd22b21cc8994dda5e7185b29e8a676784cPeel Shopping version 8.0.2 suffers from an object injection vulnerability.
f8e546fb1b2fb0fa264d9960e43b71446e3c9db90f144f95349ceefefa2e21d7This is an additional EXTRABACON module for Cisco ASA version 9.2(3). This does not use the same shellcode as the Equation Group version, but accomplishes the same task of disabling the auth functions in less stages/bytes.
b48c246e5c9d0e2536c96945fc13c72466f5ca13beb249ed401f73eedaf53ac4MP3 Cutter version 1.1.0 suffers from a registration bypass flaw.
99ca49468c2b0873ac3f4c1a3263cc0c733ad1d60e29c4f2cd85be483c4ee3c9AnoBBS version 1.0.1 suffers from a remote file inclusion vulnerability.
4c11842d58ef08fa53b6dad979d774aeaffbe2f8389350ae85d0e91ea4ec6dd6BINOM3 power meter suffers from cross site request forgery, weak credential management, information leakage, and cross site scripting vulnerabilities.
da90f0253119dee9efcf642299ab65df9fc9b9a14cd008de6f27108d78d99c7cApache Mina 2.0.13 uses the OGNL library in the "IoSessionFinder" class. Its constructor takes into parameter one OGNL expression. Then this expression is executed when the method "find" is called. This class seems to be only used in the JMX MINA component "IoServiceMBean". When the IOServiceMBean is exposed trough JMX it is possible to abuse the function to execute an arbitrary command on the server.
5dca9550346e53b4b4b1f76ec51319517cdbd8e4a939ec303316d56728bfe74dThis Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.
538ce6a834dffd6d9e669ab16ae984c12556d38cab1d2870f6bbbd5bc570cb23Cisco EPC 3925 suffers from cross site request forgery, cross site scripting, HTTP response injection, and denial of service vulnerabilities.
ed4af8b74667a82a5e98bb51f2fba7e957bd5c72c053429d6de82646b744cb56ASUS RT-N10 routers suffer from code execution, cross site request forgery, open redirection, and cross site scripting vulnerabilities.
dcdcb2b75c0284cb708af0e9f786968b3347b8b5d0a0914ab6939ef508380ad5PrivateTunnel client version 2.7.0 on x64 local credential disclosure after sign out exploit.
833c62176b378d25b4bb3217d9ac7e9b9d1544e1f72f511ed6bc0bf04f288d96Bezaat Script version 2 suffers from a remote shell upload vulnerability.
deac276f862436d000fd9e40fb444322456cb14fc468456ee75425acb2115792Bezaat Script version 2 suffers from a remote SQL injection vulnerability.
f7543b385c7de6c651fac0838df731683cc5ae7045b0102b68f2d852c71b3087Mum Map Edit version 3.2.6.0 suffers from file manipulation, passing of credentials in GET request, remote SQL injection, and other vulnerabilities.
6c295fdd7f7a3b1e1dfbccadbc6b1e541384fbabed8441cf673d86b21c8c8853Siemens IP Cameras version 0.1.69 suffers from an arbitrary file download vulnerability.
01a780afd8f5d501bd59f3b099b6a25268b9ab5bf3b7d184618330f109b16376WinSMS version 3.43 suffers from a local privilege escalation vulnerability.
e97b6167bf71488906ab8afba1333eb7e3ee2282fb54aca77ef426faa7239259Microsoft Internet Explorer version 11.0.9600.18482 use-after-free exploit.
0e3af4b4a6dbce4ae5a6cba4e7aaaba1d681fb748ed27e9320ff2812bf7d01f0Multiple Icecream applications have insecure file permissions that allows for privilege escalation.
32383b205f0751a95a6ee956fc1c76a9d7441a8599a420ea8d90e54cb72f22cb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed