UNIT4 Prosoft HRMS version 8.14.230.47 suffers from a cross site scripting vulnerability.
a4f3ec7feceab6a3f99934e46758de2c2efe2b7b713bcda776bb1b9bff55099bLandsknecht Adminsystems CMS version 4.0.1 (dev and beta versions) suffer from cross site request forgery, cross site scripting, and remote file upload vulnerabilities.
4c501213b8e037592e532e7fae3832f0793801bcd2630eba52f3f0dc202b7076HP Security Bulletin HPSBGN03258 1 - A potential security vulnerability has been identified with HP Insight Control server deployment Windows Pre-boot Execution Environment that could be exploited remotely resulting in arbitrary execution of code. This is the vulnerability known as Winshock. HP Insight Control server deployment uses the Windows Automated Installation Kit 2.0 to generate the Windows Pre-boot Execution Environment service operating system. WAIK 2.0 is vulnerable to CVE-2014-6321 (Microsoft Schannel Remote Code Execution vulnerability). This bulletin provides instructions to update the Windows Pre-boot Execution Environment with updates from Microsoft. Revision 1 of this advisory.
fdb36a29c9f919ae18292d8cf51a2c7d25c56db903151def63ed21febd08e1c0A number of NetGear WNDR devices contain an embedded SOAP service that is seemingly for use with the NetGear Genie application. As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query. Proof of concept included.
34b002a3f907250f8f492040b56ddae24228180c80888d6f1fb7b330a3c1d5baA bug in the stock Google email application version 4.4.2.0200 has been found. An attacker can remotely perform an denial of service attack by sending a specially crafted email. No interaction from the user is needed to produce the crash just receive the malicious email.
ac7559e1e73b67d06c92b883f14f41cbf66238ec15aa4ca1bdae29c219ef9c78During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.
26c45dc9330c4b9106868739be6a04123e25c4881dd15ee9236e856c7b66fbf4Router Hunter is a php script that scans for and exploits DNS change vulnerabilities in Shuttle Tech ADSL Modem-Router 915 WM and D-Link DSL-2740R routers and also exploits the credential disclosure vulnerability in LG DVR LE6016D devices.
9cf69c958fcf9b85f5aff152f7b92ca2f6c7e10bf683c01ea6febad6a68716b9eTouch Samepage version 4.4.0.0.239 suffers from remote SQL injection and arbitrary file read vulnerabilities.
3d132193ed477d7d4ba1937eda3c2f767b2192990404bb7846361beb567d88c6Cit-e-Net version 6 suffers from multiple cross site scripting vulnerabilities.
526bcf6a66b8b5bd0787352fd099676df823fb8295c9426bd68b5ec9306b352aAn unquoted service path vulnerability in Realtek 11n wireless LAN utility allow for privilege escalation.
8edd0b8e4145ca253b1c8218791fcccd4e50c65d89ec06e4fce246341f7908e6vBulletin versions 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3 suffer from a cross site scripting vulnerability.
b4ccb13ef6eef032e7a9d2f031478fe37ff8d9ba120c3811c439050f150fdb47Vanilla Forums versions 2.0 through 2.1.1 suffer from a cross site scripting filter bypass.
886cab150352c4f15528711131df90f73ecf383744e97b0143a136ce58c2861cWordPress Fusion theme version 3.1 suffers from a remote file upload vulnerability.
7e949922af7e084f3e5004bd72e715be162526c75d9eeb904ce6040f218ca1c7Ubuntu Security Notice 2488-2 - USN-2488-1 fixed a vulnerability in ClamAV for Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS. This update provides the corresponding update for Ubuntu 10.04 LTS. Sebastian Andrzej Siewior discovered that ClamAV incorrectly handled certain upack packer files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1ba3829916f38cc8b6f3e2bbeba9b556ef562873a7a035d0f40069446390f3fd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed