Allied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.
ff5d7406c17bd8ff7fdbdde80e74244fd325b7101bde127bdef0b679b0c3a63ePM Software Simple Webserver version 2.3-rc1 suffers from a directory traversal vulnerability.
2663bdc531c6611591adc8e749cdf1a7cf2bc800a1b30940b76d2f8744e04abaWHMCS version 5.x suffers from an authentication bypass vulnerability that leverages the cache.
d53f2c4012a4d5108946de6ff528b18152a971b4bcf46cfa3468c753a7282f74This is a mini-php backdoor shell. It has a PHP encoder/decoder, mail bombing functionality, reverse shell, cPanel cracker, and more.
27ad339a1514e347e845b24923cfcd49b2242e7c4f4111ce61e4b88048eb9c3eSimple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.
30f1040ff99e0f67f1b77894262c84fd5663126aec547c224447e7db57abf887This Metasploit module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are vulnerable. This exploit only works when the php option allow_url_include is set to On (Default Off).
211cc121330742fad11775f13953820e22f2025d773fe3a885e62accdc9e3acdWordPress Xerte Online plugin version 0.32 suffers from a remote shell upload vulnerability.
9e1471059686b4e961c8ac940f2e04b1d4052bceac37ae587baadfee1050b3ceWordPress Uploader plugin version 1.0.4 suffers from a remote shell upload vulnerability.
53b75f19799c13d11b6607cc9cba345c09e212d55444b7c54c4828de32017cb8WordPress ReFlex Gallery plugin version 1.3 suffers from a remote shell upload vulnerability.
5a7972cf9303988631377a1aedd2e7506e0f1d4a9da51cc427459146ada8d3e3Secunia Security Advisory - Joshua Reynolds has discovered a vulnerability in e107, which can be exploited by malicious people to conduct cross-site request forgery attacks.
efeacb2e22f472178930dbca1fa0845ef1e05df4b4ed0941c642cefc4034ca8eSecunia Security Advisory - Aung Khant has discovered a security issue in CubeCart, which can potentially be exploited by malicious people to gain knowledge of sensitive information.
c34f648cebc8d969a1cda801c596db8fdd663bd49e8f1e93ea9f4394e37d85c3Secunia Security Advisory - A vulnerability has been reported in NVIDIA Graphics Drivers for Windows, which can be exploited by malicious users to compromise a vulnerable system.
9fea7e7c2fe16cfb3a9128d36a1b6aaba59efe61a9bbefaa6c3c61f46c0330efSecunia Security Advisory - joernchen has reported a vulnerability in Ruby on Rails, which can be exploited by malicious people to conduct SQL injection attacks.
c53de4a619ff75ae8990ef1770a8d39c81744c7a1334b41d66e116669fe51ba4Secunia Security Advisory - Aung Khant has discovered multiple vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.
2ff130923b8d8b0dd7dfba1c0004741cd9b82edbd70ad8b4bb43ccac0ca51df7Secunia Security Advisory - A security issue and a vulnerability have been reported in RuggedCom Rugged Operating System, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to hijack a user's session.
e639736114594d150e98f600eec77c2052888640a04c1e380aca3ef11c1eafd6WordPress Shopping Cart version 8.1.14 from Level Four Store Front suffers from remote SQL injection and shell upload vulnerabilities.
951abd74837c5df0549439721f23a575abafcc05749422fca7d29dd93f63fd3fSecunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
662bab53ab82508f640119860572586ff03692e8b32c59cdb43d90de16c537b9Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Google Doc Embedder plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
1355b85e3fb032f148ffcea35c6bb79fde8bd29c606c78195eae6577c3d2a7b8Secunia Security Advisory - Two vulnerabilities have been discovered in osTicket, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
be920b656d21cc57f657e490440c753004a928da15a9b442d5d6574e8a140ac0Asterisk Project Security Advisory - Asterisk maintains an internal cache for devices. The device state cache holds the state of each device known to Asterisk, such that consumers of device state information can query for the last known state for a particular device, even if it is not part of an active call. The concept of a device in Asterisk can include things that do not have a physical representation. One way that this currently occurs is when anonymous calls are allowed in Asterisk. A device is automatically created and stored in the cache for each anonymous call that occurs; this is possible in the SIP and IAX2 channel drivers and through channel drivers that utilize the res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). Attackers exploiting this vulnerability can attack an Asterisk system configured to allow anonymous calls by varying the source of the anonymous call, continually adding devices to the device state cache and consuming a system's resources.
773b7fb319c073a4c00909384b60645dea28da3fd585d83a3a36440ff0b98590Asterisk Project Security Advisory - Asterisk has several places where messages received over various network transports may be copied in a single stack allocation. In the case of TCP, since multiple packets in a stream may be concatenated together, this can lead to large allocations that overflow the stack. In the case of SIP, it is possible to do this before a session is established. Keep in mind that SIP over UDP is not affected by this vulnerability. With HTTP and XMPP, a session must first be established before the vulnerability may be exploited. The XMPP vulnerability exists both in the res_jabber.so module in Asterisk 1.8, 10, and 11 as well as the res_xmpp.so module in Asterisk 11.
0eda4a18f48435624a5845545ce7bded4867ce8731fbb4a94114a41619146e72Mandriva Linux Security Advisory 2013-001 - Versions of GnuPG less than or equal to 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing the key. The updated packages have been patched to correct this issue.
98023f4d9132db57090088051e5e2ee2e1a8760b86910a9d1265a08a87f0e5c9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed