The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided.
37ab5bd3eec6195dfddf3099592e9cd3aad7e37d04562dd4ebba3cbc36289fe3
MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.
0ccbebf140226df810122f520adfba7097e335f9c1626f1162be12918d0909ff
WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.
8b5b037a7c556813e39c8ace7602b2465e0d1f1bd48644498c3c77c7c30f96e6
Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d3b572b9e8dd59539d1f53e077357aac14bc80c5a7b56bc9204c9a39e33d44ec
MikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.
76d8b41f9f478dd81cf50cfdd51f6592ff6a23a044fbd5ad0d719cc3c7cef3ac
ScreenStream version 3.0.15 suffers from a denial of service vulnerability.
80f8bc6d09f3f73b635472cc2a3b5a76617279a448667494a4129e4dde624995
C4G Basic Laboratory Information System (BLIS) version 3.4 suffers from a remote SQL injection vulnerability.
105a483e409804b0fff0748e498f8c46b68c513d439a743dd34f7fe6876f970f
Virtual VCR Max version .0a suffers from a buffer overflow vulnerability.
21edc1d24274891ee85c0133cca0fcc971802d357249b4f867cef403acaf597f
AirDrop version 2.0 suffers from a denial of service vulnerability.
7ad6c43ffaed0009c5c879421a4c957c290c029e10ba022d3e483bb5eeae09ad
Medical Store Script version 3.0.3 suffers from a cross site scripting vulnerability.
9a1f801acf5c5bce1ff29459f7e08eaf2a58362ad4ce999902e39a814070683d
WordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities.
27adfafedcfe47f73c1954865735f79c81c28a637bc1740b0417e8fa73c37141
Typo3 CMS Modern Guestbook tx_veguestbook_pi1 version 3.3.0 suffers from a remote SQL injection vulnerability.
a2dea393d022fd3fa2f6800c76deb936c546eb08ce2d45be2801966f31ac584e
Joomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
01c4a4784a6d62f40a52fc15f9c5a3368ca70716e3f78820d5e7d3a4534d5d72
Drupal Pubdlcnt module version 7.x-1.2 suffers from an open redirection vulnerability.
5a5e2cc4bc34572b323417c64f4e9650678715862a7a81a19fe3a2f57fbcb7dd
Valentina Studio version 9.0.5 suffers from a buffer overflow vulnerability.
993dc07913420503fd7e4b429c9b0779d6f5e0eed0972d0e32e174e6c0172efa
RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.
801b86d255328b3fedc995c0bcbbcc29d2ca3f7b6e8522ecf7a4d5babd746c01
EI-Tube version 3.0 suffers from a remote SQL injection vulnerability.
587d00f17a692f0c85c44ba747af330fcc83ab6847b6e816bf0bdda4efbf8e34