WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
26accfef3c015e940fb5ee457cb6a29a72c381aeafaf3f15e41b5c7a42c7d015WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
6eef1993e0cd62e0fad5f186f71640c1ddc0dd0940b55f1ad76e91e12504c088WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
b0d62cf7ab42c752da7c6b95126b1b47b02f6705a61df1f00207db405ed0dcffWebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
8fb09a6df3645a5bb6ae947a46e56826654f1c6c20cf3208f9247bd19743e887WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.
f095b5aaa821ebc8b2b079ea176435f7ceb10452b75dab356e18e864136cf744MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.
3ec6996dd81186f3e6b24b5054c626a66031e271872c3bff28c529d9fc080d1eWebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.
8d22ca5e10db1797b729dcfc5c2d6c3e3fe279ed1337004c773ea5f826eaebf4WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
d3dc861b45ee21a79280a28a3f48b4c0af5d9e2ccf5aa78da8711387b3faf038WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.
ce1c4741e5611858900581d7df034b8e7542529547943c3348da1dbda9904227RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
becde93c067e78ba68597a35f6d477408561832538f83bbfc9c5867a28459d85RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.
acd4c88b4e6b269475472b9ac9f07228d4f40087768925bc7eb00ecfecd3522cRedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.
566d35f51e7eacf080b67dde2ac3e518fc64eab804ca996a361d492a9d1e33b8MAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.
8ae22f24c6687d7f34733d9e6e83cb7ac1404a6bfaedd4166e57d39f5962fe1dRedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
73f166953c9826d6cb5ced2e73d23f83f1666942751bbe3a859d6bd211d10a9aThis Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
24d8f1cffd703098f7bc99803e67978d1404d5582276c79f31555172622b593bRedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
4b2a83e33f783d6780df2b94816103795f01791ce55f04a8febcf31ae4a50c00RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
c1999c59bf1a49e27b345dcd1c7259a0a82d09f67464808f16ff746ad4c41449PaulShop suffers from cross site scripting and remote SQL injection vulnerabilities.
7c3af021c23b188fe48f320ae94baafff3bb919f1fe1a6986ef714449c4046f4Microsoft Internet Explorer mshtml.dll remote code execution exploit that leverages the issue noted in MS17-007.
849f2394e75f12bb7326f5a6a2dac97c8926f31c414519308124090678a4e556Oracle Web Center versions 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0 suffer from a cross site scripting vulnerability.
2531e12e01a7118146ce68b91b837af4880c4240f9cd622a3a92ab32ee4a9983This Metasploit module exploits a buffer overflow during user registration in Easy Chat Server software.
a11f51434b99747a06b9d4878be9cccbf5c461526ed75293c076ac0c7ffdaca3A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.
9240ec8d6ca5d5eb386ea5fd8d70c4669a8c2b74388b4cb929f23fc1508d1dd8IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
9eb1e6c5340ea76cc93256435c463b701834212afc1bee15eb34fd6f73202c7d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed