| Real Name | Yorick Koster |
|---|---|
| Email address | private |
| Website | nl.linkedin.com/in/yorickkoster |
| First Active | 2009-07-17 |
| Last Active | 2020-09-30 |
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
f3f389a36fe31dac25043a5e92d7942a029fddff9e00419ed4f652efc9e5e14cThis Metasploit module exploits a Clickjacking vulnerability in pfSense versions 2.4.1 and below. pfSense is a free and open source firewall and router. It was found that the pfSense WebGUI is vulnerable to Clickjacking. By tricking an authenticated admin into interacting with a specially crafted webpage it is possible for an attacker to execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this will result in a full compromise of the pfSense instance.
d1034b0f46efb18bcec5b48f5aea0d3d693eeb2861362d95cc694e2c5acf247fThis Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file. The PATH option must be an absolute path to a writeable directory which is indexed for searching. If no PATH is specified, the module defaults to %USERPROFILE%.
81346e7020afd7e94a6d9b253a4b2b5b1c2eba12306e57cf746fb11c43f51e4bXamarin Studio for Mac versions 6.2.1 (build 3) and 6.3 (build 863) suffer from a local privilege escalation vulnerability.
a2f41032628fcb3233d26bea6d30e9def54faf5fca09f48714b2342e3c33ceb0This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except in an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the Control Panel. This is enough to bypass the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary DLL file.
63ff862692b9e1b52aec2b632659c94eIt was found that the loader application bundled with InsomniaX can be used to load arbitrary Kernel Extensions (kext). The loader is normally used to load a kext file that is needed to disable the Lid Sleep. A flaw has been found in the loader that allows a local attacker to load (or unload) any arbitrary kext file. Version 2.1.8 is affected.
f28199946230e4daa1642242d33d9ca9f4e85aea826651a5cc95372e3d523473This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dacA vulnerability was found in the SyntaxHighlight MediaWiki extension. Using this vulnerability it is possible for an anonymous attacker to pass arbitrary options to the Pygments library. By specifying specially crafted options, it is possible for an attacker to trigger a (stored) cross site scripting condition. In addition, it allows the creating of arbitrary files containing user-controllable data. Depending on the server configuration, this can be used by an anonymous attacker to execute arbitrary PHP code. This issue was tested on SyntaxHighlight version 2.0 as bundled with MediaWiki version 1.28.0.
50546f158305a6607d2ea38624dad8d3ab66ba8a94154dea7e2eb2e025f51253The FTP/SSH form functionality of WordPress was found to be vulnerable to cross site request forgery. WordPress versions 4.5.3 through 4.7.4 are affected.
b97c1f2af9252a37cfcaefbd0f9425ff1c4e40ba1332f9a406279cdaac8df4dbMicrosoft Office OneNote 2007 suffers from a dll hijacking vulnerability.
92ffa7b1c72b8b00b7d451ccb6b8cdfe74e1354ccb747dd69a8f8d17fd7b77bfWordPress version 4.5.3 Audio Playlist suffers from a cross site scripting vulnerability.
5cc091745546ab8480da313fab64c7a103eba0bafc790d9e14a9171c0134e222WordPress Google Analytics Dashboard plugin version 2.1.1 suffers from a cross site scripting vulnerability.
bc9ec119f0a226470311e249f41eb959a98b3b4353374203f0b337db3a302b54WordPress Simple Ads Manager plugin version 2.9.8.125 suffers from a PHP object injection vulnerability.
ec6251fd0911f4668303757918ecfa10fdca19a8702e8709cfa291d4df22cd8bWordPress Global Content Blocks plugin version 2.1.5 suffers from a cross site request forgery vulnerability.
0f2b9abeb8b770a6bc6a9870916904a2c4d2bfff9701bd7c0c0df561111e1a69WordPress Trust Form plugin version 2.0 suffers from a cross site scripting vulnerability.
f0520b62eba5142812d52e24b0842400be91238307a22751b2fc0270207501f7WordPress Analytics Stats Counter Statistics plugin version 1.2.2.5 suffers from a PHP object injection vulnerability.
d1935f94c13d237a769e00666940587d42964a0f386dbc6ac59063ea3b38e413WordPress WP-Filebase Download Manager plugin version 3.4.4 suffers from a cross site scripting vulnerability.
979fbbeecfa00a214223f001ac5c8d271726113e0cf0f2b7d1d6a1a6d7cb5942WordPress InfiniteWP Client plugin versions 1.5.1.3 and 1.6.0 suffer from a PHP object injection vulnerability.
74ff5245b2d5c61d42d72ec48e5ef102ec8f33a14a671e780a71faac3de023c7WordPress CMS Command Client plugin version 2.21 suffer from a PHP object injection vulnerability.
7625040df4e8cd693c4e1f946eb49f919e552143bf24eb14f8dfd937809d5dd3WordPress Google Forms plugin versions 0.8 through 0.87 suffer from a PHP object injection vulnerability.
ae94630680f1e42c5eeb8f1edcd5f27fe6bcea14d0a2979fd4b00f7a0817a4a2WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability.
88cdb0cc08fc0716a77ecedb0dcebc1babd0f1b3b9aff65d890c24afc0b2ffb3WordPress Canvas - Shortcodes plugin version 1.92 suffers from a persistent cross site scripting vulnerability.
df2444b47f4a472964932e55ac22ed373bde66c7f0329b98e3a724aa42845768WordPress All In One WP Security and Firewall plugin versions 4.1.4 through 4.1.9 suffer from a cross site scripting vulnerability.
529e84cd77541f83b0ed65669edd6479516fab6293f7fc579a4115aa74f2d889Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading various these components as an embedded OLE object. When instantiating a vulnerable object Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
54a85ca989c4eaff178f934a3bf1f889b5563dba98e78c59197f8309e65b7406WordPress Quotes Collection plugin version 2.0.5 suffers from a cross site scripting vulnerability.
3e714101167947eb893acf037ef84d9ed96b9fc784119af58b4e11c5506a768a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed