Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.
8f5ab251df42addd482e25bdea7aa8d8This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
741ddec159e373a1d7451f1e291cafb5Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.
08a5222d2042e7b178bdc08a8b512ecbBackdoor.Win32.Agent.dcbh malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
79eaeea64233b9ed3ee2b637042313f9Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
76c223f15acb1a444605758caefc7bb2Whitepaper called Practical PHP Security.
ba9dacc8d65da0f08072dc4b5e4512f6dnsrecon version 0.10.0 suffers from a CSV injection vulnerability.
4bce920f7493baa70e2b5037c9524863Ubuntu Security Notice 4687-1 - A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code.
8b8168d3ee3d2c80f6d055fe05c6c894ECSIMAGING PACS version 6.21.5 suffers from a remote SQL injection vulnerability.
7c262b918f02322cb8ce4f726a471a8aCurfew e-Pass Management System version 1.0 suffers from a cross site scripting vulnerability.
d3793ea721e408dd186835342d6f1817OX App Suite and OX Documents suffer from server-side request forgery and multiple cross site scripting vulnerabilities. Various versions are affected including 7.10.4 and 7.10.3.
2fbb089c8daa5ef915d9f746ea2a73a4Cockpit CMS versions prior to 0.6.1 suffer from a remote code execution vulnerability.
2e84035dfa7fd332be24257ee653f517Life Insurance Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
69c15061f1341d5b67f0075fcd3b91a2WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
a8332e42d64ab8da484106f4450b83c2Employee Record System version 1.0 suffers from a remote shell upload vulnerability.
743848822029ae69cea3de6909d752daiBall-Baton WRA150N Rom-0 backup suffers from a file disclosure vulnerability.
2a520518522c61411cd4451764df21a9Whitepaper called Ethical Hacking and Penetration Testing Guide. Written in Turkish.
ae55abf53fb2c2ab6ef9f6b1cf481640
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed