This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.
8127f22354b9daaa2681b4e32dbb870dThis Metasploit module exploits an arbitrary PHP code upload vulnerability in the WordPress ThemePunch Revolution Slider ( revslider ) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.
156ad3101d1c589747e54bf76d5a0f07WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
e852b9ba527e9d29868c110941c97701WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.
a0c8e159a2f11853051cf2f911ab4867Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
956d84b58adbd3d0e9b366bb849df648Yahoo eMarketing suffered from a cross site scripting vulnerability.
e21a258a8b372c3fcefd528b7eeeda7cAlbum Streamer version 2.0 suffers from a directory traversal vulnerability.
37e1298dfe7b704bd4660dd9baec1bccWordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
b3f5807199cf9c2264400f6b795a374eWordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
854d8aa6e035bc9bb841486fbf2431f7Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
a22fa7c7dc3ee49d36da1067a374e720WordPress Ultimate Product Catalogue plugin versions 3.1.2 and below suffer from multiple remote SQL injection vulnerabilities.
5a4b2e34e5205fddc3c601855b6848a5BullGuard Antivirus version 15.0.297 suffers from an authentication bypass vulnerability.
f17a6d937cd142efe664265134965554BullGuard Premium Protection version 15.0.297 suffers from an authentication bypass vulnerability.
dac220a2f4fcba022ea3e6e6856b1613BullGuard Internet Security version 15.0.297 suffers from an authentication bypass vulnerability.
cda9840973d28f9360a82ae9b7164180Koala Framework version 3.7 suffers from a cross site scripting vulnerability.
277c429719982b6f1a059d76b14584c9BigAce CMS version 3.0 suffers from a cross site scripting vulnerability.
3f6d541379163839c0ecdc35afa4d466Manage Engine Asset Explorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
a8ea4e7d7e34c2ce795986ac29c3b9dcIBM WebSphere Portal versions 7.0, 6.1.5, and 6.1.0 suffer from a persistent cross site scripting vulnerability.
14a5a911aa04f3ad5e5ff09d71a3698cApple Security Advisory 2015-05-06-1 - Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6 are now available and address memory corruption, information compromise, and unauthorized access vulnerabilities.
bd74877673a60f36f7b986165bded26eWordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability.
d9e157b0ae33571fa13c8771c165773dWordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability.
247ff320a0c112cbd3355098a57a011bgpEasy CMS version 4.4 suffers from a persistent cross site scripting vulnerability.
ef3088f421da384c4cd12b2403222299WordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
97567eb9adf2f8df4eb066de7d468e3cWordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
ef1c75d6c95a9725753213ca9c3d7940TORNADO Computer Trading CMS suffers from a remote SQL injection vulnerability.
578f02cfa203ccebade93c429ebefe42
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed