This Metasploit module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.
ea5185af9eacbf5f8ba32b49f0b348feaf5aeb8b06d576421ac1861e3bd61b62This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.
523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6Debian Linux Security Advisory 2889-1 - An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
6c98896315477340680db98e02791077026f5bb90eef2f49e4ff280754b1c63aDebian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
423a0919621086aaccc30b1f280aaa8df27b793c92b30df5b3341a89bb7b74d0Symantec LiveUpdate Administrator versions 2.3.2.99 and below suffer from password reset and remote SQL injection vulnerabilities.
11f001616a25bdfdf4be738bd0ef7f77bf985f9f7a0f5c873331ffa8305ed340LibYAML versions 0.1.5 and below are affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow.
801017e1ff1d3bdeae05eeef0c85d7625a0088eef454bd42667d1a259ef47ff8Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.
69e08cc5d2ea4848004a83b725d70d5539504575928edebeba5a13590e8b2878HP Security Bulletin HPSBST02968 2 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 2 of this advisory.
381ca615d8d8fface93b274db6423d82a2e18741438d20d4c269d5e2cb2270f8Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.
a3b48a31da8b85333d9e14e6c946b5b226635072b357a1c97013b03a850b0350iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.
8b098835b2928b1e01d165f8e8bde1efd4aab6d93048b1a9c54783e43ca561bfWordPress HTML Sitemap version 1.2 suffers from a cross site request forgery vulnerability.
201994735e80fa917f6e5059cc2ed56952c108819c09e3f473ea49a528417d57GD Star Rating version 1.9.22 suffers from cross site request forgery, cross site scripting, and remote blind SQL injection vulnerabilities.
796f545fbb705c4802204cc3c44a1363749e626b8c4b713647a53112da55d889Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.
053f0b5c3da36eac0eb319318f27ed23717cee605d73853ff649d554743a60d9WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.
cfc6ca57ddaae7ce436b3f1dd3b109d8d363bf14d5bbb4a97697b3c2cec8fbffASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.
902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed