X-Cart versions 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 suffer from a PHP code injection vulnerability.
5c6af3d1ed388db21242b82fbc516a582dabb01c58afe85edbd84bcdf72fe0b7OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.
3df000b7a5627cbc2f13686698775fb84026d7281fc3bd4fb07cb5597369b8c1WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.
bc43e6bb6418aa92b18d68bca69df3a6e940982b9f72175c36b19b217ea91135WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.
24a76bc6d718c2e56014b480a5dd48a2f4457b3c5a0a2bd4c5ad481bae6cdcabSync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.
ec771f88550b94bbe9cfabcdcf4db2ad8e3d37f026bd35777f5551bc63ec5a8eVX Search Enterprise version 10.1.12 suffers from a buffer overflow vulnerability.
d714a624da49d1d906deb28458ae1d8c8d99fd4de2c5a27596421255c59f38baASX to MP3 version 3.1.3.7 .m3u buffer overflow exploit.
13bc3edf4476c4419e1830011e4cdc53a1186994835ec9c4058070a351f28ea7binutils version 2.29.51.20170921 suffers from a read_1_byte heap-based buffer overflow vulnerability.
726058e1fb4acb175d2d189367a385fbff745ff2cf8453569cb233dbfb4897ebThis Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented with PHP. Talker.php takes ack and hash parameters but doesn't validate these values, which leads to an authentication bypass for the widget. Proxy.php files under the mod TMCSS folder take multiple parameters but the process does not properly validate a user-supplied string before using it to execute a system call. Due to combination of these vulnerabilities, unauthenticated users can execute a terminal command under the context of the web server user.
533339b2e9cfb58d88fe79c7a17a4f87348ca31165bf2459d2e7dc2caa154258WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
4dca75cd604be2d9ee5f59b3df5a6b97e028b213c809e41dec3862eafa62e6c7WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
fe442cde72653defe51ab63edea37018252e0e898b0851ee4a61c92bdfdc035cWordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.
ea9d6f445f2db6d613964c18b3a71c4686beb9d26f23bd5d1554ed9afd3ba63aIBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.
665e3d77d24d49951bde37e7d172c21162dcd49b47021d00911a8a73b5cb5f21Subaru's suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can 'clone' the keyfob and, unlock cars and, when increasing the rolling code with a sufficiently high value, effectively render the user's keyfob unusable. Exploit code included.
8458aea19647ae5b7eab00c281b4787845861d674484600df933adb38473f6a7The PostgreSQL 10 installer for Windows suffers from a dll hijacking vulnerability.
53508de2e1b750287c30bbe3c9bca27c1d738c50051878d731c03da7ff37006cApache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.
9f631e5a320e03ca0b355844875e6306ba45407ee002501d9bd563bceca5f8a9ClipShare version 7.0 suffers from a remote SQL injection vulnerability.
458effd7ae06e9c1dc7b21de9744cb6156b02e2ffacd2d4b076251d0f953baa2Complain Management System suffers from hard-coded credential and remote SQL injection vulnerabilities.
3be585edded8beced2ec612feb0cfb8328342bd18b5adda9d192b4e72f4c2380PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.
b666b0ec6aef7328c36ec40f9fdf17f6401c1d474e06d6a020ddf4a4e61a884fASX to MP3 Converter versions prior to 3.1.3.7 stack overflow exploit with DEP bypass.
d86f957cf16e5039a87aad4be91f2a154278241986f7d082a41731b957986db3Utilizing Rancher Server, an attacker can create a docker container with the '/' path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to creates a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.
cedd93ec70ea235aa99b19084d79514a56ad7dd7b2451baa00221a0a6edf4952This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.
6b95d890105219958f616c483516ec8ac37b8e04b1fd345dac0b2ebc8176073cMetasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.
4f975ffb94cadeb9b86881ec0afee39d875da87033f9c6822af9146e5a9a4d61Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
ca71842cb4e74173030f211999d389dfe2a9a3c19eef8bf22a35b124a45d5cc4WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys allowing for eternal use.
a00c295b2439bee4a8946da0bc86cb2acf8c5173fdf2b8e9ac7d765537d6f141
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed