Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.
2eeb3aa7245d5145d3ec988798da4951d75aef73c27a476bcea507ba736fbb89Safend Data Protector suffers from multiple privilege escalation vulnerabilities.
7fa4ab53d92dfd88c732eb79417967adbe52865b5df1b66c86b093a3abbc15b9Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.
90ab742926bd9cb0fc57e37ec8e11486dca2cd8c598556ffb9050f73ff6d40b3Realplayer version 15.0.5.109 is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility.
4574d497f5b7de99ddcba37f9338d21972b688102da3b115f156e7604e82c00bLayton Helpbox version 4.4.0 suffers from a reflective cross site scripting vulnerability.
3827c1464b24bc29ab3e651ff29501dbfd6b5cd47b535b390f6cad47d2082994Layton Helpbox version 4.4.0 suffers from login bypass vulnerabilities due to improper cookie design.
16ee66d4cbd6d224b10fa5f95bc298defb75ded84f60334c0975efd6f7d244e2Layton Helpbox version 4.4.0 suffers from embedded cross site scripting vulnerabilities.
84e000e3e44575e7d56f64a765baeb3ba0680194d10cef458af3c321b7470c55Layton Helpbox version 4.4.0 discloses login and password information for the database in an error page.
ffb1e252d827f52f414c14552b658fe20322ca6da03f2bccb5d2f3d6fa1aa597Layton Helpbox version 4.4.0 fails to use encrypted transport for logging users into the system.
65c129f2aa3caef6fbe2d3cbf9480e7a26059454a9f06e7eb3c1a9a695199165Layton Helpbox version 4.4.0 suffers from an authorization bypass vulnerability.
8d734fa89fe9433ad116e55adc6c356d0f247f3c345dfda0b0958a1e8896b8d4Layton Helpbox version 4.4.0 suffers from multiple remote SQL injection vulnerabilities.
6c5cc1580cd23e491855f8f601ab13345165ca92e85aa068fc7ba33c894be7fcXnView versions 1.99 and 1.99.1 suffers from a heap-based buffer overflow vulnerability. Proof of concept JLS file included.
12f75e008d1e820f5810b663abe9e6f03819746e68bc912e53351dc21ea9a32fThere is a command execution vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops to import and export network configurations. An attacker could execute arbitrary commands with the privileges of the current logged-in user by enticing a Toshiba laptop user to download and execute a crafted CF7 file.
1a28addbea1119b8595d7ce90329399c3a421d1b2c932af1c19cb5566dc660f6There is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file if they manipulate the ProfileName.
05232d34ddffe76d5100c661203316977746d8be7a62f96774f60c7a08b9cadeThere is a stack buffer overflow vulnerability in the Toshiba ConfigFree CF7 file format used on Toshiba laptops. An attacker could execute arbitrary code by enticing a Toshiba laptop user to download and execute a malicious CF7 file.
dc729d72f0909efd4007c17c952629e8a732811f980783d117f4597ca4769c47The administrative directory of Microcart version 1.0 suffers from a cross site scripting vulnerability.
b822f2ee3606abdec8e3d8c1169fd994859e77baee7e7c7873b395f74a283d68Microcart version 1.0 Checkout suffers from multiple cross site scripting vulnerabilities.
10e01b1c87c017a984b968431a262fdf7f0d5932bc6408833c10e6cd532d4310WordPress MF Gig Calendar plugin version 0.9.2 suffers from a cross site scripting vulnerability.
c0e1143e484b74d6ece34e62ebffd227079faf6c38d75dd73c87dd12b2bf6c21Wordpress Download Monitor version 3.3.5.7 suffers from a cross site scripting vulnerability.
62a3d6dc277efb88b7649f9126607e4ef62d62c1c19ec0fb2fabddcef3b89547Group-Office Calendar versions 4.0.71, 4.0.73, and 4.0.88 suffer from a remote SQL injection vulnerability.
75efd32a5429a359441d4ca694173d09e02c6484a233c5fcf825d4647f3814dcGroup-Office version 4.0.71 stores credentials in the clear in cookies.
63d144d75532557bd4e2c7319685e0f502852e50757da183cc38c9429081c7c9There is a file handling denial of service in GIMP (the GNU Image Manipulation Program) for the 'fit' file format affecting all versions (Windows and Linux) up to 2.8.0. A file in the fit format with a malformed 'XTENSION' header will cause a crash in the GIMP program. The flaw is triggered by opening a crafted 'fit' file or allowing the file explorer dialog to preview the file. Proof of concept included.
0341418c409c2905c278b5539d3f0236be8f96cdfce5f9140782b205443ab209IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.
cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8This Metasploit module exploits a buffer overflow in the script-fu server component on GIMP <= 2.6.12. By sending a specially crafted packet, an attacker may be able to achieve remote code execution under the context of the user. This Metasploit module has been tested on GIMP for Windows from installers provided by Jernej Simoncic.
639458a065dfbd4eece13f18e4a4a8606ca0ea7c1392c33c55adb20317d1bdadThere is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipulation Program) in all 2.6 versions (Windows and Linux versions) affecting both the script-fu console and the script-fu network server. A crafted msg to the script-fu server overflows a buffer and overwrites several function pointers allowing the attacker to gain control of EIP and potentially execute arbitrary code. Proof of concept code included.
3314be7d12f71ac43757fa38c7b5d582d33d0a31d034dd7a8a87b9037b9edecb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed