HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.
dbab384b2c2cf9076d625633efca65abHideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.
4e9c69f81809b928fa5fb9a01e6fd6c7WordPress NewStatPress plugin version 1.2.4 suffers from a cross site scripting vulnerability.
f2fd38b71b380c6af9a9110449ad562fosTicket version 1.9.12 suffers from multiple persistent cross site scripting vulnerabilities.
a11db04acf9963a5de4465717e9442baWordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.
0161ac0b585bf93aafacc9cd06d0582aWordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.
128f43aecf47badf4272571710225474WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.
004445f8baf4060508c00de52f0c52e2WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.
736e891187f3de875921d045817d118bWordPress Live Chat Support plugin version 6.2.00 suffers from a persistent cross site scripting vulnerability.
9145a57994ede874ba32eef668b65779Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
a796d2461c7e924ed0d96630e9e71583Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
2d70ccd0c21c161323f8483a0c458393It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.
7422644d438f591155d98b9d637802f4A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise of the entire Citrix SDX appliance along with all underlying applications and data.
b7c5905da53dbedf0252c0e0eaf31a32It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
50c91a8bdcdd159b0b9034e8ccc241edA cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
1579db71b1b93c28ae8678b57f16a887It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
9874325f86bef49d1ece9fd0d75e93beAn SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
38ab9bd223d35a3ae4036a23e8101091A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
1ce9eb0a674b58ee302cff1521c315adA path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
8b88774ea14080fe5e9b90b7285e9723A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
75c8cf8cad96cde32de2124ca6a7d13fA cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
b5a7bb3b7795ea4a02931e1a103d80d6A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
0905638d0042501994a70dc5a5008beaA cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.
3229a84d50ed04e1c73f2ab068557038It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. It also suffers from a cross site scripting vulnerability.
654ea83b4f8835317d17c06f0d8566f1It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
eba368f2ffa4a6d9413f27cae2d20a8f
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed