Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
f14ef8d73fa5f30b57fec51283e6b73eThis Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
b60b0666592e30c6b174a6e6343f7c54On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials.
a9c5a593a7fd8beb544d51baa38c1730Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
7140a6d9fa7d076a14e596e4242f90fdGetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.
b7868197fa770b7cffbd822964b7f528QiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.
7c248458391a49820ad700528da5bdc1QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.
4b229bf7159213f08c6c5c724d811ce5QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.
4ec2d17bffc03ecbcdff736a646ec399QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
a4df03562be6c4ac8f645486ee2b5b2dQiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
642489cbf934a4731b9a002f38dc0571Car Rental Script from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.
c54fadda84fad4b944f42258942bee49Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
2e01a55b635c9bfb17fe3f6b96de3983Online Book Store from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.
59379692b0998d9478549f62ca32e52fOnline Book Store from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
757d48894e0ef8c8453eae8239ef8a41Online Shopping System from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
5cd6ea230e51b30015c5faaf9ec98179vBulletin version 5.6.2 suffers from a cross site scripting vulnerability.
1b6668ec0a558c0fd5cc39154cc3d71dCMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.
c88d34ecd4d1716eecd2778aa52e4bd3
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed