Parallels Desktop version 12.2.0 and below suffer from a vulnerability that allows remote file sharing to be leveraged against the host operating system for arbitrary code execution.
20f05e1f4b6a4f65d125f5a8ba0c4d1db98f6c67c405f800c3ed1357546a6d0f
Remote attackers can abuse the "Subscribe to Podcast" feature of Subsonic 6.1.1 to store persistent XSS payloads if an authenticated user clicks a malicious link or visits an attacker-controlled webpage.
ccbff854c80967e2cd461d551d2bbb45860d52ba6f9974d2d72d5544d987a48b
The import playlist feature of Subsonic 6.1.1 is susceptible to an XML External Entity attack via import of a malicious .XSPF playlist file.
1785d67006592ca1aebed74e108868e2aadc2c36f565e3ed4e6a0527106e6ae0
Remote attackers can abuse the Podcast feature of Subsonic to launch Server Side Request Forgery attacks from the Subsonic server if an authenticated user clicks a malicious link or visits an attacker-controlled webpage.
4f9d59342482e64d296984fe2885074b7464963e5822f6ca6a1b83f9436de530
The Subsonic media streaming server can allow a remote attacker to reset account passwords if usernames are known and victims click a malicious link.
bcd5ae688fdc12f8337e1dbad726d591040b4939266ce121f9836dc835414919
WordPress WP-Testimonials plugin versions prior to 3.4.1 suffer from a remote SQL injection vulnerability.
5f3668847ef1a11cc270bf37df3bb5c4305f805669f8c109492fe7c7c0b943a0