WordPress Image Export plugin version 1.1 suffers from an arbitrary file download vulnerability.
f5dbd9b328b410e55ced6b1b19e5fa2738b42682e045d966972cc9e7585402e1Joomla Docman suffers from full path disclosure and local file inclusion vulnerabilities.
2035df9be9103e5e7731bca557187aa16e61e414a6b55770d4e589c8c6d8cbbfKaseya Virtual System Administrator suffers from arbitrary file download open redirection vulnerabilities.
8f81d492c8f92ef800d091dc7a9b9b4e65c6a0776aa789f26d9207772f0843d5PFSense version 2.2.2 suffers from a cross site scripting vulnerability.
b41b9c68576f0be0722976059ed088c83310cca21a4d01f12703068087ad1bccArticleFR version 3.0.6 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
fc4cceecf98e26b34c3709337914564c092fc67141584a9307de989d67ef1162ArticleFR suffers from multiple stored cross site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter 'name' in Categories, POST parameters 'title' and 'rel' in Links and GET parameter 'url' in PingServers module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.6 is affected.
97577b9ace469f43b13d8ce2548ca3144fe75dccb6067e8bf74ca67d2b2dbe4fPanda Kernel Memory Access Driver does not validate the size of data to be copied to both an allocated kernel paged pool buffer and to an allocated non-paged pool buffer. Furthermore, the attacker has control over the start-to-copy index regarding the non-paged pool buffer which allows an attacker to corrupt a kernel object with more precision, and control the EIP via a hijacked function pointer.
017a81162eb94fe7a9a71b19ac47e7b58ea849b57dcaba936c68c4e615a3aa90The SAP Afaria Windows client software installs with weak default permissions that grant read and write permissions to the Everyone group to the install folder. Versions 7.0.6398.0 is affected.
f55a7dc136213d822d2d50e86eefeb0e200654f4242fdea8ec5a678e31edaa9eSAP ECC uses binaries that are executed with elevated privileges (SetGID and SetUID programs) that have been compiled in manner that means they searched for libraries in insecure locations.
dda76ea46a15e7f7868621a6ca1e393d8ba4ac5999ea0d317aec6164f94be550WordPress Plotly plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
8c8ecc962a319c7bfa3171c85e8bd93531f424c4f1101eaddd89bbe50f29c468Pimcore CMS build 3450 suffers from a remote SQL injection vulnerability.
f7b0a644408b713c75a3b2b6813d047888f1cc7dda004eb2ff27ab376715fb66phpVibe version 4.0 suffers from an arbitrary file disclosure vulnerability.
872cb632d10ee1d392d46059c45f959ef8b2d1c387db7d3980d10e5df1f17249Pimcore CMS build 3450 suffers from an issues where it is possible for an administrative user with the 'assets' permission to overwrite system configuration files via exploiting a directory traversal vulnerability.
ab88a54c96cee261f04972545556b484aa577fdfae39c4f1a28989afe29b7997This whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software Empirum.
976d9cf9503cd3beaddb146f9507ee3529d1b82a6712b2cdc7b7ce1b67ac583aThe WordPress Eventbrite Tickets plugin from The Events Calendar version 3.9.6 suffers from a cross site scripting vulnerability.
9d007e52a0aca85109b108602e13c60f95a5b63d24894f873375bcaaa6a3c02fThe AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution.
3ecb8a9a5021d70b1e7c79052e7ca74b09b23fe34ddae56eae4bc7ed860ab73eSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
7314c7a33e39371cd2b97e6ad6effe66cd46811ce446554bda0d310bfd83be12FreiChat version 9.6 suffers from a remote SQL injection vulnerability.
340c717fd761abf304ec7c246e204eb9f11ad8a6f4c06aabb383e69a76994e3asysPass versions 1.0.9 and below suffer from a remote SQL injection vulnerability.
6b3b7dbe62538e63e5bf0114ba91c34d647ba966aa039a58a9ad1fad1a067addWordPress WP-PowerPlayGallery plugin version 3.3 suffers from remote file upload and remote SQL injection vulnerabilities.
9f8d10108d02ae3286eb0f5ff0f4e6c51b291455c43a4e920c4dd937fcc5c9a4WordPress Floating Social Bar version 1.1.5 suffers from a cross site scripting vulnerability.
e3d25f5373a83dae455e18baf666848ac55bb72a48e1200252f0f83bc659910dThis whitepaper deals with local privilege escalation attacks via exploiting vulnerabilities in the client management software FrontRange DSM.
08ece3edf3aa93e1fde88c8522d035bcfa58b66f09c695d34999e853118ef852Full Player version 8.2.1 memory corruption proof of concept exploit.
c07c5de0d2f58a49ab68f2ed72732c09a5adb03c0074d5688bb13c2ad8c5fe3b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed