gpEasy CMS version 4.0 suffers from a remote shell upload vulnerability.
e6a962ae8b8f243dd6d721a24a57df334654b638a0b15f05c7375f21e7d1860bThe 3Com NBX V3000 phone system firmware was found to have the VxWorks remote debug service enabled. This allows for remotely extracting the contents of device memory over the network. When parsing the contents of memory, it was discovered that the call logs for the system as well as URLs which linked to WAV files containing voice mails that were accessible.
83f9bcf13390d5de35a662b882d55f84b95389bbc98e486345a8b9bca583fb12There is a buffer overflow in libsrtp based on how the function crypto_policy_set_from_profile_for_rtp applies the cryptographic profiles srtp_profile_aes128_cm_sha1_32/srtp_profile_aes256_cm_sha1_32 to a srtp_policy, as shown by the source code of srtp/srtp.c.
112bf3ad2eda5bcd6a0c1e1ed5ede49353a25cf04adb02ff4b6303ee26c6fef2Monkey HTTPD version 1.2.0 suffers from a buffer overflow vulnerability that may result in arbitrary code execution or denial of service.
e95d7c4461031fea05dff249b83585cd183eb5646afab885f06d666b7e6c2ecbCuppa CMS suffers from remote and local file inclusion vulnerabilities.
1a69a262547b1fde2db132b721a60013a5cd8b3c578bd74d70a96f541610f65bCMS Gratis Indonesia version 2.2 Beta 1 suffers from a remote PHP code injection vulnerability.
d5d9e10e13a2a21562a07f38c21d1f17883de814411cf199efd4e1cc59e891c6aCMS version 1.0 suffers from authentication bypass and remote shell upload vulnerabilities.
875ffc473c15baa5846810a8e8bb150911ceee8efcf610bea5bbed80667ad678Dotclear version 2.5 suffers from a cross site scripting vulnerability.
e963b235c2473ba1856c41c979ed4bdb77a01b126752a9d002ff7ec49969440aThe newsroom.cisco.com site suffers from an iframe injection vulnerability.
7c7404d303323b25bef0361335de4f0a9addc36ab366f74f8c9064bbbeac0378SweetRice CMS version 1.2.5 suffers from multiple cross site scripting vulnerabilities.
156065d49f5041b39e8c0bd9573b39af9555b001376a5433c9fd44f984ccde60This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware address (e.g., using IEEE identifiers), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique- local addresses.
aea1ddd79e402a7e6cae6940341f56386d8efe61f639f9142e54a9dda4b93d71Pixelpost version 1.7.3 suffers from a cross site scripting vulnerability.
b12ac8118bf09ea057609691a156e98a4c44163bd47842ab4492b16bad0c61bbPEStudio version 3.69 suffers from a denial of service vulnerability.
894e7f4fc68a36429f7c80e4ae5b799448f3a8f2cf6a057e92074baaf53a4122Telaen versions 1.3.0 and below suffer from cross site scripting, open redirection, and path disclosure vulnerabilities.
5feb4207ecee4e46ec86c9e6ba15c68352eb1601695fd3a1d1125aa7fe8cfbb5SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
3143e1c71803d7c023db29134bb1a2f142de3ebaf7c35d5109204828ddb3b075PHD Help Desk version 2.12 suffers from a remote SQL injection vulnerability.
5bd6713ae091f3a88456a992a6a2c14fd6a5cd823bb577c71eac2b768737e167Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
3a8323727d389d763075b3fcd116e0a65ff044c84b953eb794d71d58ef587706This exploit dumps an arbitrary file from the filesystem with root level permissions on Seowonintech routers with firmware less than and equal to 2.3.9.
a361e183bb4d71aeac2a13c018d683c22813b4cf4ffebf480914b8997082860a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed