MediaCast versions 8 and below suffer from a vulnerability that allows for the disclosure of previously cached Active Directory credentials.
c88fa381d0da7f60a5a8607c0a502f70e3ca22558705e751c96e78bcd92f858aAT-TFTP Server version 1.18 suffers from a remote denial of service vulnerability. Proof of concept exploit is included.
072356984ca8faefce1723f3102ee7b8a3127843c984c8180efac28c181306aeThe Service account used for the Kaspersky Administration Kit and its functionality allow for attacks on other hosts in the network.
b585dc3095a18907a4e028c2b7199b468998223fdbe4a03c06b60f7ede4310b8A remote SQL injection vulnerability in mySeatXT version 0.1781 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
027c040aefe3cce4d941812b454320797ec0935118cbc79f575a7cd766c3f745A local file inclusion vulnerability in OrangeHRM version 2.6.3 can be exploited to include arbitrary files.
904f19ed1c7d78e937be6a1e3e37907f31490b70b77fa966d4f097d84f44537cPublishing Technology suffers from a remote blind SQL injection vulnerability.
4484210dc3dc2c7e5ae4ceae9b0c1f10b5c60d04a636ba8bc8f415e7b515fed3A remote SQL injection vulnerability in phpMyChat Plus version 1.93 can be exploited to extract arbitrary data.
74db3035ec2bf971a33ef4161634f2f27af0d47df247933f63d90810de555defA reflected cross site scripting vulnerability in phpMyChat Plus version 1.93 can be exploited to execute arbitrary JavaScript.
457aeb746421475c9817a831b496f445a2a28d1e0ecb0d84f283577bfbc3d397A reflected cross site scripting vulnerability in TemaTres version 1.3 can be exploited to execute arbitrary JavaScript.
cca51d2fe24e65e79aa40b59ff941ac3fcde1a49e8678ad19e81ca640616f4ddA reflected cross site scripting vulnerability in webERP version 4.03.8 can be exploited to execute arbitrary JavaScript.
319298e6d568adf1f967836d0094304409c0db8ab76287d7cd60d4b785af7190T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". It is a powerful and an unique packet injection tool. The author has added in some anti-kiddo tricks.
80f68d67528814b6f2516915067c0d6a66ade4ee9ca86e4b79355e57a18fdfbehtml_edit CMS versions 3.1.9 and below suffer from a cross site scripting vulnerability.
e63a273bc376cde13d7e11dc2f79a87a1b10296f919cbf939b995614e7be0e7dMoscrack is intended to facilitate the use of a WPA cracker on a cluster. Currently, it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc. are all handled for you. Moscrack is designed to be run for long periods of time (days, weeks, or more).
6264c658b35443b0abef0c3dc2b58d0e401c4637a21dee626b12c9027294bf3cSaudisoftech suffers from a remote SQL injection vulnerability in detail.php.
9f290b9660062669b4fb65b4d14389159b85fda8bd8559d507dd859e6706ca66SoftMP3 suffers from a remote SQL injection vulnerability.
3e3fa9a3112dc4fcb3d914db99f6e43ca588fc500f2d4146a431755c17758bc7Webmin versions 1.540 and below suffer from a cross site scripting vulnerability that allows for remote command execution.
79ce7134a3ef970d8a21e29d564f22919b1a69160445b954a449d17e00f80f9dHP Security Bulletin HPSBMA02667 SSRT100464 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) and HTML injection. Revision 1 of this advisory.
0cb03747a2b863b1791ac1d790b4cf2d41807c01f062ae1537b21bd88145c70bb2evolution version 4.0.5 suffers from a remote file inclusion vulnerability.
121ce4a54587185de752cf9aa2ed560fcbe8a5f05914cc6ff660d0b7242c2cf3Xilisoft Video Converter Ultimate suffers from a DLL hijacking vulnerability.
d575cd635032e4b85083c0a1042a9574353dda3180bbe543e37d46b25a286d92This Metasploit module exploits a stack-based buffer overflow vulnerability in version 3.0 of ediSys Corp.'s eZip Wizard. In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with eZip Wizard, and access the specially file via double-clicking it. By doing so, an attacker can execute arbitrary code as the victim user.
f7cf6b8da01815b33b60d03bf75a15fdc34e7db6f1efa9610628e431ece1a389The messaging used in failed login attempts in WordPress allows for user enumeration.
f48de67dabdc3e6987b8be56f8bdf8cf2efffaaac5d0ff60456f0e5349566759eXPert PDF Editor version 7 Professional null heap proof of concept exploit.
71168f53e088408cc1eb223d29435ea82c7017a1a30f9a3ad8d83fcd4913bce0RealPlayer 11 Browser suffers from an active-x related arbitrary code execution vulnerability.
3041d88706bdccc492fbfd8545e6fddf5b77cebe36dd9af230eddebce1330ee3HP Security Bulletin HPSBMA02666 SSRT100434 - A potential security vulnerability has been identified with HP Network Automation running on Linux, Solaris, and Windows. This vulnerability could be exploited remotely resulting in information disclosure. Revision 1 of this advisory.
926766532b7922eacc62a5c527657e0abb95f69d85d17990bfb73ba012c76806Maxthon Browser version 3.22.2000 denial of service exploit.
f20cf6ccd1a1006dc09e72d09a12d50301cad02bbba41adeaf69633dbe11e718
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed