Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
ebb1eebe39bcecee02195dc328dd25f6862fc9e9dea4c2e29eae50537d5eb4f2This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.
1b0222ba8ccc40d3c85308ce0622667517301180b99d1570ccc4c4ea8d918333On Microsoft Windows 10 1909, LSASS does not correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials.
add2a6155569229eb72c46617e93a9349d033f14467cf27d02c0e25d3f347e94Ubuntu Security Notice 4458-1 - Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
4c21378f5547785a91c122ca0a869ace7a197113022d389224aa2b182dc0d3a3GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.
075778612c10f536d4c7290644af4418086d7b993e4b199b7293a0ab52418e5eQiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.
2d547f40fe9cd960f61a9ab06e633a88224fc123c974b59c97a633cbd5eebdacQiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.
a85880f8211498bee02dae8001af36ba4ad2379bea06af68285b23937103a65dQiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.
611254b76f7be929179ac3bbb671003526d13c7e5a6794a8b8cbd9445a9a96bcQiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.
618a6277c9e2bd86c29943962b8350b5eb4b1be17b9b50322882b25fcc4979f6QiHang Media Web Digital Signage version 3.0.9 suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
f96d7582f9ecb335fe5d16e815d27894b4e9b1b96bd020918ef5c8ab3bea047cCar Rental Script from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.
9b8931a7cdd6bbe5a1255a07b9ef329805a6398f87271a25618100cfcf035d49Car Rental Script from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
1be6126b3c521accdf335f500e3ccfed74329e68075435dfe14474c37b354458Online Book Store from projectworlds.in suffers from a cross site scripting vulnerability. Versions are not provided with this software currently.
a2a871d354cdbb0c3a3947542e1add4dbf9f0257a87cb4fe349e417509a7409eOnline Book Store from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
39bdba6d1357688214210ee4f834b0964caa27b39ff1373d715f1d2eb3ddc240Online Shopping System from projectworlds.in suffers from a remote SQL injection vulnerability. Versions are not provided with this software currently.
cdc2fef809545473ea22bd0f4e21f9739414b25ec2bd2cfd353cb91ba108d64cvBulletin version 5.6.2 suffers from a cross site scripting vulnerability.
9ecbb502c74dcc25b94acca4c4d869e8c562d90358ff917a5d5953a2dd70e92fCMS Made Simple version 2.2.14 suffers from an authenticated shell upload vulnerability.
dfec683841667f70218145ec3220e0b1035d7cd217d4a78f597b5fdeafa9b894
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed