ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.
081258bf82d0ffd88eeb2b6c53406776966e393e12f59c27c56af0870c182791DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
a90aefae7da1aa551b84f0d928a33148efdd96e29752d17dd31962c49fe72368Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.
93ae91f31f2689b548949ab00e6bc3a4f6a00e3221eb6c715a036784028c2edfOpen Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.
f1671bce7a9da376f8b83740a41aa9d21414efb032bfcb02310d72edd617c40bCollabtive version 2.0 suffers from an arbitrary file upload vulnerability.
b1ee0eb6e9437d18623734420a78d2cd726cde7dca6939be3c5774847879e5a4Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.
369af63a236f59835ae9d5a84423f18106dbf1b5306ca3dd89941c5d6319d779Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.
b09f9d0d9450a157ee3b553cca92aa462e2f7e2a6ee87d0b4a8ba6fbcc0e4298Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because it contains default configuration for debugging enabled in the '/WEB-INF./web.xml' file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL which will produce a system exception with stack trace on the Jetty server. When this error occurs, the debug option generates a status page with all the information from the visitor, meaning that the attacker is able to see usernames, password hashes, e-mails and of course, Cookie sessions). Using the generated error, the attacker can easily perform session hijacking and take over the system using previously discovered vulnerabilities by just visiting the status page non-authenticated.
1fbd54960e1a8376a34addc2eda82c308365f46b97f014b96b16a22e077651c6Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.
38d00e0cab4a748a1fcc3245087d28805312e778adcb96788a6049042e972de6Mango Automation version 2.6.0 add administrator cross site request forgery exploit.
3452804cb607c2191e8133952e326e01991ce212c3686cc9fd10f03579695729OrangeHRM versions 3.3.1 and below suffer from an unauthorized data manipulation vulnerability.
1f29e60d43418bbd4fba574abac4e07b014ed91d412c75eedb2deb6a5aa41d16HP Security Bulletin HPSBHF03513 - Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVidia Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products. Revision 1 of this advisory.
ec26c4604b9de2314879b4fe75f99245c83a0fb1824494b34d2637127bf7aa05My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.
291d895c909d0e7e884d9e3475bc4fd0693023383eef111c66707bcae766d782Flowdock API suffers from a malicious script insertion vulnerability.
a3b7855c7e90fcf4c75103af35130d53982d9d62505e762c85e860f5faf3646dNodeBB version 0.8.2 suffers from a cross site scripting vulnerability.
d57f11bfe70287dfffacacdc169c4b777ffa00972b7da86b4dc99814bccfc23fThe encryption scheme used by Mikrotik's Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as full decryption of the terminal session. Full write up and proof of concept tools are included in this archive.
d0d1affb518b37657fed9af631a57aa3813a11d020ea75cb33748ab31aba0ae0Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'username' POST parameter in the 'login.htm' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session.
41ab244aefa7fced98821ec993549932a6899a590c057be0463567b385b9e724Mango Automation version 2.6.0 suffers from a user enumeration weakness vulnerability.
537cc8a30faefec691fd5f8e0974b8ccb201b1d73876b4069c8f983045648729ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
ce634473f825d0f57046db4dc9958352e6697eedb52ff14a9efa1297a55a6652Telegram version 3.2 suffers from a denial of service vulnerability.
90996d03212ed2c75f8fd0f227cfaaa7bd7b0fa0b0abb5f28d2eebcc8b3de810This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aacSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
4a19214d7673f9c0eba2e4e5ac78152309464186d16df48944b8f5644faa802dThis Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.
f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.
7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9fX2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
3ff64763cff039036ce49876b8feba0377dcadb9b0e71850c458529d2d4b3ba5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed