Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability.
88d7b0cb49729812c8fda28923df10c3This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.
2287ef968db5103fca3148412e85213bDjVuLibre versions 3.5.25.3 and below suffer from an out of bounds access violation vulnerability.
2fc2f05de190584d3fb754e225e0b64dThis Metasploit module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.
8f79ebcf3c681e3fdd8995606de782d1Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
ee46caf85f37abd2c3b0838eea3b25adGanib versions 2.3 and below suffer from a remote SQL injection vulnerability.
8f69b07b2fc8cb3184db23c82befcb70This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: The PHP configuration must have 'display_errors' enabled, Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.
aec9a8141849e97ce005dc4486ce99e3Dolibarr ERP/CMS version 3.4.0 suffers from a remote SQL injection vulnerability.
2b984835498a9ffbac99c39ab995547aaMSN version 0.98.9 suffers from local file inclusion and remote SQL injection vulnerabilities.
799c535c358309c40c005a50d54bffd2OpenEMM-2013 version 8.10.380.hf13.0.066 suffers from cross site scripting and remote SQL injection vulnerabilities.
0dc344af5b5ec5d81c3857ccb8f0728fASUS RT56U versions 3.0.0.4.360 and below suffer from a remote command injection vulnerability.
2c5192f474b5bbfca2e912fa585f1827PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.
8a47292cb45d78061617db6d3fffe2f8Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability.
ab547448d5e955197b1fe4c76b7432eaOpenDocMan version 1.2.6.5 suffers from persistent and reflective cross site scripting vulnerabilities.
64d27b831258808f2aa8fe67b0010d03Ballast Security felt the need to write this paper as almost countless services that we trust with our passwords are handling them irresponsibly. This is a good read for anyone who needs to store password hashes.
6df883bde172ed66055c7172fa4ff6ba
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed