GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.
3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.
ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3dCakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.
1622c97f61d826f0b1ac17dd524ddc11ef087ce3f89a0a231f688451fb208d52This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.
9244d1a56ca1a0b4187fc7d9232dd5485fbbf380c0bdb9f35ea79df0019c335aExim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges.
c8b37f6ba0c1a3bd66f5d17781dd1c98a33edc213484ca6db8095fef81937ebcGoogle AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability.
6c9916344ebaa174cf5f48cf521868ab0c1c4407426a74e9439a33f3fc409164Google AdWords API PHP client library versions 6.2.0 and below suffer from an arbitrary PHP code execution vulnerability.
718bc4c80011e0f627d4e11bfaf5b3cc7ec9ed3b9d1a3fe0996e87ba5f90a42deBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.
1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.
80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.
cccb5dc964df6b506118b1a8ca7240bbdddcf7b3aded48bd2c1c454e40f791daNRPE version 2.15 remote command execution exploit written in Python.
c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38Nagios Plugins versions 2.0.2 suffer from a race condition in check_dhcp.
34515f9830172588d1778328a6fadb3d5847b8aa2cf072dc6aece33dec8c2b8eNagios Plugins versions 2.0.1 and below suffer from an arbitrary file read vulnerability via check_dhcp.
06b295d336a8c90eb6729752963778c1daffd50f2c930f399a48e00d05704d46Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.
035764b6de0406994622b53a57f33221624085f4e55263d2f7452b0cfbc8b3edZabbix versions 1.8.1 and below suffer from a remote SQL injection vulnerability. Exploit included.
7cf03746fe3bd3d20e816a8812c54167eb5cc526f5d8a2fbafe232e967dd33ebInvision Power Board versions 3.0.4 and below suffer from local file inclusion and remote SQL injection vulnerabilities. Versions 2.3.6 and below suffer from a remote SQL injection vulnerability.
efe52ce1957cc2103d4b96559bf90231ce74be94e5635eacb7a3a351c7a0837eWordPress versions 2.8.5 and below suffer from an unrestricted file upload vulnerability that allows for PHP code execution.
8a9c0fdb59cc38abd6330f5a1a1a3775ef99f1828bf48d154ae593fee3004135
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed