Kirby CMS version 3.5.3.1 suffers from a cross site scripting vulnerability.
6df556d967d4440fd3638967713eded85af7415cf01753ccabeda76f5d9fa161Trojan-Dropper.Win32.Injector.aobl malware suffers from an insecure permissions vulnerability.
800e7ece2ffebba147e3acb7a97f4598aedec2b1c3ab7ca5a0670c4b24acbd71Trojan-Dropper.Win32.Dycler.vrp malware suffers from an insecure permissions vulnerability.
e23ff9eb541ce52b96443c82874a027faf052548df6f0e76014edf8fbc27f927Kimai version 1.14 suffers from a CSV injection vulnerability.
afb42232708cf7c479a931df88973a1686f1c2e59c5995bf6636cc24c9b50abfThis Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the /casa/private/config/slice/ha/certificate endpoint. Code execution occurs as the "admin" Unix user.
8fb3fd3d2660db09b165a788ebbd4aab98bfde09593d01e190121efb5d69716dWordPress WPGraphQL plugin version 1.3.5 suffers from a denial of service vulnerability.
fd8100cf3908043374f8ea4c72265eeed0145c4053e6b5d3a90a8ffba4670eddApache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript code-execution feature and executes the supplied code all at once, allowing for code execution on the server with the privileges of the Druid Server process. More critically, authentication is not enabled in Apache Druid by default.
b298c899e38be69b54163c4da54bb4be979f3abb34cca3c04ac527f6a5c92905Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.
5e6dcee09ca3a6208dca09fa733156105f960720d70334ae602f8f337f70aaa0Hasura GraphQL version 1.3.3 remote code execution exploit.
fd1bd472d72681b6bea0f117f6be6354dd7d97665b44e8f65f4f6a6b4af05267OpenPLC version 3 authenticated remote code execution exploit.
65b0210385b608740a93271d55b93113eacb1472f424450c8a33864212b6c54dSEO Panel version 4.8.0 remote blind SQL injection exploit. Original discovery in this version is attributed to Piyush Patil in February of 2021.
1484a300db9ca4769e7f8862d2b2c8deb6c8fe61ea69d300b5d0d81c9690ea4aWindows 10 Wi-Fi Drivers For Intel Wireless Adapters version 22.30.0 suffer from a privilege escalation vulnerability.
32a3533c7499f0b1656df4f46d4c4091cf67f7d914aa53d3ffec372e45979b20Worm.Win32.Busan.k malware suffers from an insecure transit vulnerability.
e69f213893c264746d1b1bde4cd255d1442b5c6ca56cbc76a86e46788c6af3edThe Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313aDzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.
a88898d34a0dd38bd0a624051e9d6708e30ca923f0b025646fcc6f58fb4ea499Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
e8d80953b2ef01723266a3371f3a2c5a42156162d5474910c8ea7602487dd2d5GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556cMoodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.
1fcd1fa3ec121b2c10c68e0cb6e78bbc8b44e1d20dc9503759b2beb14529f62fBMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768Packed.Win32.Black.d malware has an unauthenticated open proxy vulnerability.
b18b3ad5d47b356d0d074396d3e78619015d4e8d6d35c24f92a64f3e00c8a7c2OTRS version 6.0.1 remote command execution exploit.
9d111d76bea3e1afbf0a3f7944a2ab12828a882b5a33a64bd3c3773ab6853e44Backdoor.Win32.DarkKomet.artr malware suffers from an insecure permissions vulnerability.
6f97ec5a51f653a05bb81959971a0ad88089ac05e1df22f9ab1015828b1d15beTrojan-Dropper.Win32.Agent.xtp malware suffers from an insecure permissions vulnerability.
9aaf127156348dafcff76eb15d956c0680a835016e5b90fa5d40e53d8177432dRemoteClinic version 2.0 suffers from multiple persistent cross site scripting vulnerabilities.
b00dedb467ec2c26a898adc3fac196e892a358994af6fa922e3582ef27134ac6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed