WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.
4d8603e0293338606a482d16c657252dae8f29113703208bc7aafca598be3ca6Backdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.
cf89785b492c836d6c244e6fc3290bceee66fd68edf28a7400e7d2792d8b6e34Backdoor.Win32.Bushtrommel.122 malware suffers from an authentication bypass vulnerability.
d7fc922486275581f2cf458522575af4443622981bf09a3aaadddd603ff38990Online Admission System version 1.0 suffers from a remote SQL injection vulnerability.
9f6552806e7f79bf6438a86513e24999dcff366eebb104a253377d13284fc82eWordPress Testimonial Slider and Showcase plugin version 2.2.6 suffers from a persistent cross site scripting vulnerability.
25ecbf595ef86f9db782f57ba84d4478ef9c33a63a205a448ca3413ea4fe1f09VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a password.
84c0696cc53d2e4bd749c04b694cbb8ae3676b266a9d0e92ecb77d88dc2558c3The WebGL implementation for setting uniform values with an ArrayBuffer argument do not properly handle large buffer sizes. As WASM now allows allocating large ArrayBuffers, this can lead to buffer overflows when writing to the GPU command buffer.
0bdf6d06a281ed2823e5f46ea472615509e7f1f676d5bd3238d8cfd3b783d262Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
b1a0f0eda16637855c7124025a9bba474d285060035c7ace064b81d352be6595WordPress Download Manager plugin versions 3.2.50 and below suffer from an arbitrary file deletion vulnerability.
81394c472063bd99c8767e0198e8bc71d4dc98bfdea27535691be0ffd873ac59This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user.
ed156b4196a5a0b6a6fd8e554208ebb6ce6da15417fc57d837d2b7e65c35c174MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP server that the target will need to connect to.
d15ef16680da0566fc6f0cd17aa36d661420fd2c8fbf3f002025e66fc8acc462Multi-Language Hotel Management 2022 version 1.0 suffers from a remote SQL injection vulnerability.
0c11ae5ed3c1b7202d2009cb0d1807126f6bde6b8e241059c3663ab7153e0cf7IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection and that shortcoming can be leveraged to escalate to SYSTEM privileges.
c6e27a8d7b7645ace9a03e1d2218ca5e5bdc9d279978795484de8145fd043895uftpd versions 2.7 through 2.10 suffer from an authenticated directory traversal vulnerability.
49eb3cd8623927e2347974445c0565c0ed3386c36a6f12fc4e148713a5029fd8Backdoor.Win32.Destrukor.20 malware suffers from an unauthenticated remote command execution vulnerability.
b2929297a27431a955030b6a10960d07ffdcbdeb69b274c81b62bcbd3f78ab50Omnia MPX version 1.5.0+r1 suffers from a path traversal vulnerability.
255a6f7727bdeaa16975148c3367339b2e812a601460e5e6e74bd1dfbe0dd441NanoCMS version 0.4 suffers from an authenticated remote code execution vulnerability.
f89daed79ee49f4e3db2c1bf5807bdc8863a2487fd65d3b7f4724e51f4fe642dCuteEditor For PHP version 6.6 suffers from a directory traversal vulnerability.
7af1d2df53c59d35bae895eb4619ecd262232aacf7df548b05790ea206f4dec7Backdoor.Win32.Destrukor.20 malware suffers from authentication bypass and code execution vulnerabilities.
094948131e62030329dfa1f6e0d5cc98ee61866dcecf381f4a6aa14f046758b4mPDF version 7.0 suffers from a local file inclusion vulnerability.
d9e2013ea0d6ee6260c03fe9651f945af86d37023bb012c16b218a5ba2c4c1f8WordPress Duplicator plugin versions 1.4.6 and below suffer from a backup disclosure vulnerability.
f52c96d84b29854a0f446a858b2b7641046268ef68ba2be7b21b09aeeced427aWordPress Duplicator plugin versions 1.4.7 and below suffer from an information disclosure vulnerability.
38cd46e9b0883e90c68e55e1459081b405275c6a3e9b4953e7114d5f941826d0Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.
a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526CodeIgniter CMS version 4.2.0 suffers from a remote SQL injection vulnerability.
95b28e947fb52c82785b9e221438f8e9b78449cd4019acccc826a0cac2e8875eEasy Chat Server version 3.1 remote stack buffer overflow exploit.
0ebd0c06f51730b5778c3be7b61402fad0ad14c7456fbd98a0605d0b61bffa49
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed