Real Name | Larry W. Cashdollar |
---|---|
Email address | private |
Website | vapid.dhs.org |
First Active | 1999-11-14 |
Last Active | 2020-07-15 |
XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, exposed database backups, unauthenticated remote access, and various other vulnerabilities.
e7e9c754e4fa53a92070a86a3d88269734cc1335edab813113e839335bc770af
WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities.
174d4b8c6bd2ff775a42f9856e7c4a23ceeb230356f290fe0acf21783052065c
Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.
04c4d92a411b17314d846f4d2d72d2c504c386afce4fbd9c2181d3687821c1dc
Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.
9f77dafb99af40f2c2d5742a9434d5f9d672d2a7b83bbada56a2713e609f8b41
Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability.
381d86b6c936ec04601fb4ec173464e5e28efd43a987894099a5abbcdeb655d0
Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.
c5f02d425c1722103bd1066865763a5f030b1a9c066ab94408f02e058557d56b
WordPress Media File Renamer plugin version 1.7.0 suffers from a cross-site scripting vulnerability.
39e43c6d9014a50baafd552c0ee274abc0e783d155db5d4cfef1cd7983dada81
The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the API_KEY to a curl command. This exposes the API key to the shell and process table. Another user on the system could snag the API key by just monitoring the process table.
d611161b7de257aeced569b86efb86407334ac528739835cfa78af454f079352
Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.
bfaa7907aba801776aeefc69d46a1d02c5a36c3932a60c392cd07d6e4f7b0d43
The Try Before You Buy feature in Amazon's Application Store allows an external party to test software prior to download. Poor sandboxing and failed security controls allowed an attacker to port scan AWS backend services, spawn rogue services in the AWS cloud, and much more.
d565b306507e35d03c17757cc4c999aeb15676ec12278c2bf3d330d3c0b7bde0
Ruby Gem Sprout version 0.7.246 suffers from a command injection vulnerability.
0e6a16e2626b38daf12649fa0ba9330e6959dbf38f464da7f50fa85b91cab217
Ice Cold Apps Servers Ultimate version 6.0.2(12) for Android has no credentials by default and authentication is disabled for telnet/ssh/ftp, allowing remote access to the device's storage.
c0c01528feb7496f118fefa0d1d9c613ae250458d43874a7d8415340fdbd70bb
Ruby Programming Language version 1.7 for iOS suffers from an unauthenticated file upload vulnerability.
49117ffa584a6641af0f6e0eb35c19881e9012e3d2ba442f1e392d3e04e9e543
Perl Programming Language version 1.6 for iOS suffers from an unauthenticated file upload vulnerability.
82f45a8cec71c681994d1f7677a3045e65b9ca71c95f7319e7b7dee148d692d5
Personal Address Book version 2.0 for iOS suffers from an unauthenticated file upload vulnerability.
e7ac6dc4b5192b7ef32a6958064230df219e8fc4a639833ea2487803787e34b6
Lua-Programming Language version 1.6 for iOS suffers from a remote file upload vulnerability.
bb4f88d155d9c74c2279e7d163ac7dff5c0cc5fe6107f2bb1597472784143416
Android FTP Serve version 1.2 exposes the configuration file with full read and write permissions. A malicious party can overwrite the credentials for the administrator and escalate privileges.
3dd744c0f1c0dd5fbffad80344f989d7b3436f5030e2d950967eb38f7e5aca7f
Ruby Gem Features version 0.3.0 suffers from a file injection vulnerability that can lead to cross-site scripting.
c7a54aa106b7c9bed756067a2616950105a69b23c99d49249959d5fa0792fbd6
Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability.
ab3491f98a2bc70682b26926ea96e1f3e4c3c966ee732993fde62136ed2c27ca
Ruby Gem Rgpg version 0.2.2 suffers from a remote command injection vulnerability.
c54580488fa386bb799c224ae7cf985b25c183e8936078b05fc68b8cc01bd006
Solaris Recommended Patch Cluster 6/19 suffers from a local root command execution vulnerability on x86.
532e22bc6ff3e644f7b297fffe8d58e1796dc3a75b7965cd74a76062a5280627
Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp.
03794219b3e100fca16c556ac9f4ccfaad291a40205e4a5a016b11eca6895b3e
Show In Browser 0.0.3 is a Ruby Gem that suffers from a file injection vulnerability, allowing arbitrary text to be opened in a browser.
d8ef5225f129ed45cb3685bdff5c084d39d71818984f62b5fb94e0176be4b90f
Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input.
432f99098884e80c6594d67b9edd44d3c6a943e78df04188f65f7a5a60c25b58
Ruby Gem md2pdf suffers from a remote command injection vulnerability.
961566ce1e369fe89fe75f7891fe11b15c66c71e0cc7df7e1c118806ee180d04