NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.
df902fffe771a83318d68fb4a1dac2c82339e67536200c100f67b3f129f20ef4NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities.
bf5b9b9d392b13530fe4985e7374bba1178cae9346921dade84d3c31ba0891fcD-Link NAS and DNS series devices suffer from a stored cross site scripting vulnerability leveraged via unauthenticated smb.
9bea630d3d38c702848bb36c64938bc6d9f67aa4a832a9ec706a406f0d228f6dWordPress Count Per Day plugin version 3.5.4 suffers from a cross site scripting vulnerability.
d69f6409f9285b4b341d81988998df80a9629b3685c4fee05a3057a084dfc9e1WordPress FormBuilder version 1.05 suffers from a cross site scripting vulnerability.
c56303663ea7a2852d8c3f6613f639585b306b1f1729381fbaf87f633594ba74K2 Joomla! extension versions prior to 2.7.1 suffer from a cross site scripting vulnerability.
a3fc93581f4ead8a4b1dbb2062c9656ac81bf9a53d8937c89a7c7a7b4db0204fWordPress Events Made Easy plugin versions prior to 1.6.21 suffer from a cross site scripting vulnerability.
5421ba9cbaadc593ea64e1f541c99998a2a70b41120f28aa53dc662db5b65743net2ftp version 1.0 suffers from multiple cross site scripting vulnerabilities.
217f09c68e480e79756201d7d52f3bf0df2ca5e947fe9abbdefc398dfb61a8c5FortiManager (Series) suffers from a bookmark script insertion vulnerability.
6f79162c8a16b34e1b280e48a562fec2fac95f521e43bdc4694bb114f40bfd26WordPress Count Per Day plugin version 3.5.4 suffers from a persistent cross site scripting vulnerability.
f182cd2f3622d02f747476d7f6598b53372149526fcffc8e5ff1ae604c1a4923Vulnerabilities in the SpamCall Activity components of the Samsung Telecom application can crash and reboot a device when a malformed serializable object is passed.
dcc3ab9deaf946489cdf85bad7d76e17c8fdcff1277255be9ef82e1c4a60972cFortiAnalyzer and FortiManager suffer from a client-side cross site scripting vulnerability.
3523161c4af4faddd6893f95b277bde86a92f3df5a0cf403c9955a581c507ce1WordPress Yoast SEO plugin versions prior to 3.4.1 suffer from a stored cross site scripting vulnerability.
b80f18dd61454008092f18d2cf58a5d038b3d8cc61191ec776c2072d67e86c08NetNeedle provides for encrypted control channels and chat sessions that are disguised to look like other common network activity. It only transmits "decoy" data in the "payload" section of any packet, so forensic analysts will only see packets that look identical to ordinary ping or HTTP GET requests. The actual data is encoded in IP headers in fields that typically contain random values. In addition to evasion features, penetration testers can use this tool to maintain control over servers in environments with highly restrictive access lists. Because NetNeedle subverts expectations surrounding network traffic, it enables users to set up back doors that use simple ICMP packets or TCP ports that are already in use. Administrators who believe that they are safe due to "principle of least privilege" access control lists or who believe that ICMP ping is harmless will find themselves sadly mistaken.
56da4a7d0137517d311b0345a3bd36bb779ed022129f6019d8d167245c947157Joomla Video Flow component versions 1.1.3 through 1.1.5 suffer from a remote SQL injection vulnerability.
c6933ed1622fde52df5cb8ec589f674635f3f68310d7cffb2bf313ed22398e5a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed