KikChat suffers from local file inclusion and remote command execution vulnerabilities.
0fefc791df94702470f534eb7c319bdf9254a296e5a9505420e52df50b9d42a7HP Security Bulletin HPSBMU02872 4 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter Web Tier running on Windows. The vulnerabilities could be exploited resulting in remote disclosure of information and cross site scripting (XSS). Revision 4 of this advisory.
066d6fe8695d2d8a4bbfa8a9f693830bf962a7cc1beb78daaaa2dfa3da42a94fHP Security Bulletin HPSBMU02931 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged Information , improper privilege management and cross site scripting (XSS). Note: The Service Manager and ServiceCenter resolutions below include updated Apache Tomcat, OpenSSL, Oracle JRE that address security issues in those components. Revision 3 of this advisory.
225979d5d04a764134bd865b1003b73366dc334faa7000e44fd0552806f6ba83Ditto Forensic FieldStation versions 2013Oct15a and below suffer from remote command execution, cross site scripting, cross site request forgery, hard-coded credential, and various other vulnerabilities.
df3e62ea52b2c4c9f389b63ca271b8910f8d98956a4658742ef79cc7af486ddcPhone Drive Eightythree version 4.1.1 suffers from local file inclusion, command injection, and remote shell upload vulnerabilities.
d8fd9d38629a05f4f2d3503fdca9cb59932802bc0b930220465cce85922df7faMicrosoft PhotoStory suffers from a cross site scripting vulnerability.
a28bfc6192eee283fc89e1171132bf7f47271fa8391894f76eec1341deb61b3dEvernote for Android suffers from insecure storage of PIN data and bypass of PIN protection vulnerabilities.
d4ec90670f420f077afc1f1d13f17cf6aed8381fff2d28c4df4a6c42bd1b8f2aEvernote on Android can have its one-click setup functionality leveraged maliciously to change a user's password without their knowledge.
ba18b28f54ca2d88cea8523c0e775b385fed288a3a06b92f0fd87c5eef2e2283Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.
bfaa7907aba801776aeefc69d46a1d02c5a36c3932a60c392cd07d6e4f7b0d43Microsoft Yammer suffered from multiple cross site scripting vulnerabilities.
ffa493a522284668c4144c5b4d98ae3cb0b8e667db062ea350d352b646b98b01FlashCanvas version 1.5 suffers from a cross site scripting vulnerability.
32b09c3e5bb416688451249b85a453995d5a71712d85eeaae5d2775bfe17393bEMC Connectrix Manager Converged Network Edition (CMCNE) contains vulnerabilities through the servlets which it uses to transfer different types of files for managing firmware on different types of devices. Using these servlets, remote unauthenticated attackers could read and place files from/on the CMCNE server and execute them. Versions 11.2.1, 12.0.1, and 12.0.3 are affected.
7cc357d0906e3c3f63880caee9ef0002c975d0bda594176d1b3fccfd27f4dff7Ring Jordan suffers from a remote SQL injection vulnerability in their administrative functionality. The author has tried to contact the vendor and has received no response. The SQL injection issue allows for authentication bypass.
b0303595796d9f5fd9fd11582864f2c0b8d4f8b08600a13e9711b7fbd093fa52Telmanik CMS version 1.01 suffers from a remote shell upload vulnerability.
c56f47cbdbd567480466a838ad2a346f2ad6aba77864ba331f9655d07cbfa208WordPress WP-Realty third party plugin suffers from a cross site scripting vulnerability. Note that these findings house site-specific data.
68e5167100d03041530d425635011c823f93e89895b31c229d47d02523f7c7ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed