Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
d05822677796f7d42a5885b32d014b3e46f07144db1a28c4abd29b4ef4b5fb85This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.
d05d7429ea70363cecca14474d2edcf047db67733e981e02c510f7d4967caf65NETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
b0c14dece0ef955428e9b6e9f570ca06da3ba8d664cbb649ec238a4e2091226dEaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.
0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43This is a php script for brute forcing basic authentication. Takes a word list as input.
2c34929a4ee75e635f22f8cd534b8efd1b01310758d6e71dc4bf7d43ccbfac8fWordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.
ee946745fef274d92410d3a5ad6ce3b5a599ed334d2b42371eea610f180683d6This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.
b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.
3b0a2b15e86e26905ee913231acbaecfa5ddc1f2eefcea4109cfc8734f8e8c13This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.
f892f3ba804eed45332252715f4d92a0ebdcd7ca8371e0832ec7162473120f06InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.
58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717dAvira Personal appears to suffer from a privilege escalation vulnerability.
eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8aMiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.
a57a2db6fe50d9e301599498e605af858c7f62b49d0e6f59f1d1c1a196cf857aEasy FTP Server version 1.7.0.2 CPU consumption denial of service exploit that causes the condition when sending a POST request with an empty body. Written in AutoIT.
5444040cb0c0fc5ebba94c6715a808fd92aca58033ee9f78ebbb2646a8c9747eSmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.
490e57206bbfaabcb311fd30eaeb013e30240b0f0f106cd454c6062b57aa06e9TinyWeb version 1.93 remote denial of service exploit.
242e36e9ce450ee2d014a6cc29e51d1b091945a978d90246115388bd0ba9453aClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.
a568735b6f3205c221aee116bd737215c0b537dd6bb646bc342ef61168392866This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.
6a00fc56bffca149e62d8602fbecdb81bf01e94e53c11f7eba4da3baed5c74a4CKEditor version 4.0.1 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.
2c20ce891948eae0f4f51822b52a5828b5323feb467a4e2335e8e988ab6aa4ceGlossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
2d5417850fab055452a54292f538cc5ad51a4ade48693dde348bc6cc0b306a79Glossword version 1.8.3 remote SQL injection exploit written in AutoIT.
b1647adab7c95838d52a37152ef0a824efa23e82e75330c6ada125d53919fbdfPHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.
572d1b20768e8331c2b66eac4d6d1dc5cfdf85fc241f40af5ca5afd11e3ac57fWeboptima CMS suffers from add administrator and remote shell upload vulnerabilities.
fc99f270ff007095d824949c224a7ce7178b34040bce8b1aaa503770f5db42fcThis Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.
86b5c1161bf85a443f8e4b8508791a0ee94d2cdae006c712017aee8069f71402PHP Charts version 1.0 suffers from a remote code execution vulnerability.
64dbb04aef88e5fb2954ee4818a1aac7de41ecf55f1212bd08d0eddd49109241Business Solutions CMS add administrator exploit that does not require authentication.
fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed