Appnitro MachForm suffers from remote file upload, remote SQL injection, and path traversal vulnerabilities.
The mobi_parse_mobiheader function in read.c in libmobi version 0.3 allows remote attackers to cause an information disclosure (heap-buffer-overflow out-of-bounds read) via a crafted mobi file.
WordPress Events Calendar plugin version 1.0 suffers from a remote SQL injection vulnerability.
Ubuntu Security Notice 3586-2 - USN-3586-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 12.04 ESM. Felix Wilhelm discovered that the DHCP client incorrectly handled certain malformed responses. A remote attacker could use this issue to cause the DHCP client to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the dhclient AppArmor profile. Various other issues were also addressed.
Joomla Full Social extension version 1.1.0 suffers from a remote SQL injection vulnerability.
Joomla JoomOCShop component version 1.0 suffers from a cross site request forgery vulnerability.
DomainMod version 4.09.03 suffers from multiple cross site scripting vulnerabilities.
TP-Link TL-WR840N and TL-WR841N suffer from an authentication bypass vulnerability.
www.engelvoelkers.com suffers from a cross site scripting vulnerability.
Joomla jCart for OpenCart component version 2.3.0.2 suffers from a cross site request forgery vulnerability.
Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Various other issues were also addressed.
CloudMe Sync versions prior to 1.11.0 SEH buffer overflow exploit with DEP bypass.
wityCMS version 0.6.1 suffers from a cross site scripting vulnerability.
98 bytes small Linux/x86 TCP/5555 bindshell shellcode.
Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
ALFTP version 5.31 suffers from a local buffer overflow vulnerability.
Software Advice version 1.0 suffers from a cross site scripting vulnerability.
JDA Connect suffers from cross site request forgery, JMX interface exposure, and command execution vulnerabilities.
Accellion Kiteworks versions prior to 2017.01.00 suffer from an authentication bypass vulnerability.
JDA Warehouse Management System suffers from buffer overflow, code execution, cross site request forgery, XML external entity injection, file disclosure, remote SQL injection, and various other vulnerabilities.