A security vulnerability was found in Kaseya VSA file download file functionality. Using this vulnerability an authenticated user in a Kaseya VSA environment is able to download arbitrary files from the server (including source code of Kaseya, the database backups, configuration files, and even windows files). Version R9.2 was found affected.
a9945cf5a3532305e46699a157c53b03bab386f744bdea713fee52330aadad85VTech DigiGo with firmware version 83.60630 fails to perform certificate pinning in some flows.
fbc2e5441ec18dd6ee8c571c38633af18aa0a410698dad29af738dc875633979pfSense version 2.4.1 suffers from a clickjacking vulnerability in the cross site request forgery error page.
10c7dc2c68ccd6c02f31d9c84567ea38b74de4d3783d8156444595cf6c74cee8Xamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.
a2f41032628fcb3233d26bea6d30e9def54faf5fca09f48714b2342e3c33ceb0Virtuozzo Power Panel (VZPP) and Automator version 6.1.2 suffers from a buffer over-read vulnerability.
7be26c32161b9c5bdd16002cd161843f760e5431f129b4470ea901ed6ebe8986A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253Western Digital My Cloud with firmware version 2.21.126 suffers from an authentication bypass vulnerability that allows escalation to administrative privileges.
c88ab660fa85b41bb542f8f2b6aed37318c1e0f94c9900423143b3b9734eae97The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4dbScriptler Jenkins version 2.9 suffers from a cross site scripting vulnerability.
484f0c9f4c2dce6057d71b5b1848deaed56ea83958b0a2b4f3e86290b3c68a16Microsoft Office OneNote 2007 suffers from a dll hijacking vulnerability.
92ffa7b1c72b8b00b7d451ccb6b8cdfe74e1354ccb747dd69a8f8d17fd7b77bfIt was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers. Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
7ea35a8a06080eee5024f0b3b4e9bbcc165e5e2914c82abb99135ab97e6e12f7Western Digital My Cloud suffers from a cross site request forgery vulnerability.
f1e32d8e968407585ee06292217c02999f1e2895ad2428169eed455bb97ada76Western Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
ef3db28b5d65198fc1596ad5bd1da3b198bc041b628b4020a65fe4abaae4f4feWestern Digital My Cloud suffers from multiple command injection vulnerabilities.
9d9db6ddc52d6fbe5d8a6f1251995090267e44bb3456666b4cd1502963749ddcWordPress version 4.5.3 Press This Function suffers from a cross site request forgery vulnerability that can cause a denial of service condition.
de145ef3bc873acf8a99d1111a4fd9c6935562c58f6699d854cbf9913dc87e88WordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.
5cc091745546ab8480da313fab64c7a103eba0bafc790d9e14a9171c0134e222WordPress Contact Form plugin version 4.0.0 suffers from a cross site scripting vulnerability.
584dc6e15f6a3d8fd4dd2df04a59176bf53f2fe05a39c7749e9ccb90cecf014dWordPress Contact Form Manager plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
de609d4292dcc9ecec778d67effe9ec246ff8261422bac22eb7abbd0ad762702WordPress Popup by Supsystic plugin 1.7.6 suffers from a cross site request forgery vulnerability.
c44f0d7c29e05b7d57e8ef6eaec37a3a1b7d438d1d471473d6154da47e3616eaWordPress Google Analytics Dashboard plugin version 2.1.1 suffers from a cross site scripting vulnerability.
bc9ec119f0a226470311e249f41eb959a98b3b4353374203f0b337db3a302b54WordPress Magic Fields 1 plugin version 1.7.1 suffers from a cross site scripting vulnerability.
aedb2e37c089832d32e0904ab02df9464d1d572fcc56386d16a6ba7140d5a684WordPress Gwolle Guestbook plugin version 1.7.4 suffers from a cross site request forgery vulnerability.
1bd1bc2e04a3905b8fa5ebc638456a3f3b21685782c8f763c38784cf56a21eacWordPress Download Manager plugin version 2.8.99 suffers from a cross site request forgery vulnerability.
20bf543d02c87fe299a9790ac36a738bfe591d5a554f77dc7a8ec09706a75ea8WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.
ec6251fd0911f4668303757918ecfa10fdca19a8702e8709cfa291d4df22cd8bWordPress Gwolle Guestbook plugin version 1.7.4 suffers from a cross site scripting vulnerability.
ebfdbd9ea0fb21e0483b11584b0d7ff939644db899b28ce795beb44e465e2635
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed