Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
a9f92655da6950f9d0df2f27d09f42aaThis is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.
d52a48cac7f353140489e0ea242197fcNETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
5cafd193388eec34ba7ec5ad30879245EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.
9d4ba97087cb7cbb7f183dc491c10c5dThis is a php script for brute forcing basic authentication. Takes a word list as input.
96142b20d260ef197791576e823247deWordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.
c8817a417f940dc5c706240eeb452e98This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
fa38cf29be5e352355ed7ba6d0f4e3e4RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.
795ec693341a08d1900f0a8130932ac9This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.
e6fe49a21c081f6767abccc8e0116845InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.
5a786e6ec0ba28fb6a279b4e589c45a7Avira Personal appears to suffer from a privilege escalation vulnerability.
d67bbd39ef75b76d3078e00030abe2b5MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.
d7d4c6430847f0af7f16ae7822ca5f7aEasy FTP Server version 1.7.0.2 CPU consumption denial of service exploit that causes the condition when sending a POST request with an empty body. Written in AutoIT.
244f7e407ebca209425ca4a54481d4f2SmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.
f1fd56651b0f35bf3e1a37fa38d9b07aTinyWeb version 1.93 remote denial of service exploit.
f7329ebb1ee46c8750d9e955594ef6dfClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
7418514787f8284d8aea9ea8e440433fThis Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.
4f1934a968cdbb5fa314b491cfd0ec99CKEditor version 4.0.1 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.
1f58cd6059c53dfb81ea20b836e673d0Glossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
666af829d52b5101506e29ed164005d2Glossword version 1.8.3 remote SQL injection exploit written in AutoIT.
5ed80c3f320c9c79964569aeaaec0e04PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.
655cfb6834b9506dbd235393b2bfc3e6Weboptima CMS suffers from add administrator and remote shell upload vulnerabilities.
3643a702108fdb2bb08d1d7e1a8dfed3This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.
4f7b656eb76a787a79203f9a1c768c21PHP Charts version 1.0 suffers from a remote code execution vulnerability.
68464c5f9fb1bf3ee86df968d0400282Business Solutions CMS add administrator exploit that does not require authentication.
0ffd3882003ceff982bf72e3495bf10c
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed