Drupal-Wiki versions 8.30 and 8.31 suffer from multiple persistent cross site scripting vulnerabilities.
3d088d17dda324bc2da3df91c94310af275ec6c5f0b68e54defa0a2c4496f8d0NetSetManPro version 4.7.2 suffers from a privilege escalation vulnerability.
e8a3f23fc7f163c05873cbfb945bc19268910c026e3331a239742efa41af0936Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.
8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6dOCS Inventory NG ocsreports versions 2.4 and 2.3.1 suffer from remote SQL injection vulnerabilities.
e7fc54d755c00801636a6217329e667a3c538290ff2ad25a1fe2d5f5a446d2f5OCS Inventory NG ocsreports version 2.4 suffers from a cross site scripting vulnerability.
927f922342cae04cf72a1791db35f1d83533db1be55191b9a64f59848621cba9A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected includes OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.
444597f83e9e0ad48a430a35373f0bc6a018226b622b3ff1e949820391597d37e107 CMS version 1.0.2 suffers from a reflective cross site scripting vulnerability.
b0a7d7d19b1bf2785fccdbdb0f2175d28946b402c3fbfdcc3590de48c18ffc57
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed