| Real Name | Patrick Webster |
|---|---|
| Email address | private |
| First Active | 2006-10-02 |
| Last Active | 2017-08-24 |
Trend Micro Hosted Email Security (HES) suffers from email interception and insecure direct object reference vulnerabilities.
b05cc034ae6b0b1c59afe01f4ef720d5545f811f1fcc30f3cf6db2bc68cf4f8ciPlatinum iOneView suffers from a cross site scripting vulnerability.
0748c764b11fe8653d8bdf660e05509be0b81f6592585f84e66a264607caccd8Moodle versions 2.7 and earlier suffer from a vulnerability that discloses the account name for a specified profile ID.
4f976a974fdadab3348c916dd40c13ac770e58b386f43d58b4af5a65ee162ddaAirwatch versions 6.1.x and 6.4.x suffer from an ldap injection vulnerability.
de63a8e1e53104e08f13950e374edc66f2fd33fd0b373e7bbf041d5891287eb4Avaya Radvision SCOPIA Desktop versions 7.7.000.042 and 8.2.101.046 suffer from a blind SQL injection vulnerability.
9df3a8763b4d5e5041c60ed04a57311756f2452722710236a1bec7035997445bLanternCMS suffers from cross site scripting and remote SQL injection vulnerabilities.
10d7e8a5a9ae21aa469a8adb55db9076be8af353719bd4c575e7a05d73cca228SilverStripe CMS versions 3.1.9 suffers from a path disclosure vulnerability.
add33c249921191d92637723848b95bc133583d1c0e290741c752d7043e43c6dSmartJobBoard version 5.0.9 suffers from cross site scripting and information disclosure vulnerabilities.
c79e0d8f6a1f8afcd1cdbe7ed6730c17027d52772fefbc91a7eebe1dc62521f4Computer Associates API Gateway versions 7, 8, and 9 suffer from CRLF response splitting and directory traversal vulnerabilities.
c3dd3bb5978a20a8fe51af9fbf3170c7d9624fcb5b17a87073c4c2abded21d2bKaseya VSA version 9.02.00.04 suffers from an information disclosure vulnerability.
5a59d2ffedded5fe54949dd29511e3205fb1e3caac953287dc781deab3742ac4Trimble / Manhattan Software IWMS version 9.x suffers from an XML external entity injection vulnerability.
034d6c464fd8dfb280cc2231b57e61e57db6af0250f94c9a8ef2fd8e71db6e52Tweek!DM Document Management suffers from bypass and remote SQL injection vulnerabilities.
990171f149c1422942f3130de220f72cd20ac33b6f5a833745b2d53902b4acdbInchoo Facebook Connect plugin suffers from a cross site scripting vulnerability.
3b57827980094611b40d59abdcc9cf5477a6100b8983ee3cadbc5ac782f744d0AcoraCMS version 7.0.0.6 suffers from arbitrary browser redirect and cross site scripting vulnerabilities.
b87426ec9fff88fdce255750542faa9c5b3eef962346cece91f55d16975ad4b2Kaseya VSA version 6.5.0.0 suffers from cross site scripting and brute forcing vulnerabilities.
7fe218cd1c415fe7ecf706fc430277ad0a16b68a9d7aa68e327097eb8897004bObSecure ObSecure360 suffers from an unauthenticated remote SQL injection vulnerability.
fa4d57dbca10c2118333bd095376533d52e59a640ac03e1c53419ae9f8c0c50dThis Metasploit module exploits a local file inclusion vulnerability in the Lotus Mail Encryption Server (Protector for Mail Encryption) administration setup interface. The index.php file uses an unsafe include() where an unauthenticated remote user may read (traversal) arbitrary file contents. By abusing a second bug within Lotus, we can inject our payload into a known location and call it via the LFI to gain remote code execution. Version 2.1.0.1 Build(88.3.0.1.4323) is known to be vulnerable. You may need to set DATE in the format YYYY-MM-DD to get this working, where the remote host and metasploit instance have UTC timezone differences.
96dbd26ee71f67057f541ea0a3081085a8e98bc7c5079679244febd71f971874This Metasploit module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords. This Metasploit module will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password, however this is not yet implemented in this module.
fe293ec94b3dfa7e3027ffc1c7be75b60a403e4ba9e56d55b6442ac2180a0939Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities.
0420214b4d8e7885ff6112c9bce112f874056677399749e6e050d4409241720cCheckpoint Firewall VPN1 suffers from a remote information disclosure vulnerability.
23ce565b644ac90f408b650bb9e2fce1833dc96007bb898eba2a5b175e6b9423Elitecore Cyberoam UTM suffers from a cross site scripting vulnerability. Builds prior to 10.01.0 Build 0739 are affected.
b06e6512b53ea8ea20ff4be6e0b06151a0930083acb280cb4531302feec1fb02Squiz Matrix versions 4.0.6 and 4.2.2 and below suffer from a cross site scripting vulnerability.
435a3d8dfec7c3f21c7056390d4582ce63e6f475f3e84918594da65d8d50299bThis Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5Civica Spydus Library Management System (LMS) suffers from a cross site scripting vulnerability.
ccad3046b9c60fd814e72667d9dc6bbdffd60997d5c1267f4d33d7f8e7ea6b90LANSA aXes Web Terminal (TN5250) suffers from a cross site scripting vulnerability.
a015d5357f35b389714d88ff7ffc8b31be4d05cf80d5372754c4d9f4734d92af
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed