Astaro Security Gateway 7 suffers from a remote code execution vulnerability.
1377404d6b249466fe1bc4911cfd731bb3947f2a0f3dd6149b0273853432793aXYZ Auto Classifieds version 1.0 suffers from a remote SQL injection vulnerability.
8d5048e7a9a8e95164674f667b0a5e0811c93438696e9155a79e8820e403d2a6Consumer Review Script version 1.0 suffers from a remote SQL injection vulnerability.
80ed1a83e0b527160880032abd81c8f3dc27c8049b27946b4d53d7a2c980a175D-Link DIR8xx routers suffer from a credential disclosure vulnerability.
a65afad3a963eddbe03212796670f51a526b5ccad4e442e935894cf0bfd7ad72D-Link DIR8xx routers suffers from a remote root code execution vulnerability.
bd58d21a93bd68d9fb808290aca1ca734e27776fb908194d272237cec784f0c8D-Link DIR8xx routers suffer from a local firmware upload vulnerability.
6c08f86dc3f54b76c0aea0a414462a927f2677b9fc9d7bfc34ab13083a895d90SilverStripe CMS versions 3.5.3 and below suffer from a persistent cross site scripting vulnerability.
961efcc108b40c5b4f971b60fc4a9ce01ff092d356b077d8aa4e4f2b1d6f945fUbiquiti Networks UniFi Cloud Key wwith firmware versions 0.6.4 and below suffer from an authenticated command injection vulnerability.
defe62d41ae432d3349f7dfd03f86ba7dc55eff1d75efec162ec8e57dfb2add1VLC Media Player iOS application version 2.7.8 suffers from a file disclosure vulnerability.
e193c871b8bfbe11c945a7f45034301f1cb2c76667721f6887a8febbaed08f57Ubuntu Security Notice 3416-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to bypass same-origin restrictions, bypass CSP restrictions, obtain sensitive information, spoof the origin of modal alerts, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
fdeee0c8ca5b6d5ca181a2c52593bd44b8a034640657b761047e4174586887b6IBM Infosphere Information Server / Datastage versions 9.1, 11.3, and 11.5 (including Cloud version 11.5) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities.
ea53053471a3eeb44443432b6095afa188583cf9617704a2e1f792491a59b12aMako Web Server suffers from file disclosure, remote command execution, and server-side request forgery vulnerabilities.
7772922a708fb50556c43e97af1adc13ce64566e4a2386554f32c4bb9f13fc20ACG (Arbitrary Code Guard) in Microsoft Edge is bypassable. The bypass has been tested on Microsoft Edge 40.15063.0.0 running on Windows 10 Enterprise 64-bit with Creators Update (Version 1703, OS build 15063.413).
be1f44546390cca193ef1aff01a301005ed93d7d18025eb795e529774e3bd275This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context 'SYSTEM'.
0aa023366398e0b5fe67252f1cd7499e46c8e4acd3c9b630308fd8668c7e3664Proof of concept exploit for a Microsoft Windows .NET Framework remote code execution vulnerability. It spawns mspaint.
b013d6830fc8697aaf54fd222ebd51096e4bffec850e79387e6a05a9402e1ef1This Metasploit module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist during the parsing of the $uuid parameter. This allows for the escaping of a system command allowing for arbitrary command execution as root.
c5d3cc878780fde621fb0eaa9cf72d1a173e80bb8af8c96151703f11d0f99f4dThis Metasploit module exploits a file upload vulnerability found within Cloudview NMS versions prior to 2.00b. The vulnerability is triggered by sending specialized packets to the server with directory traversal sequences to browse outside of the web root.
e1827b120d87b6594f212dd5b8a68e00064254f33d0e8e0ade054b8ab686c009This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is read into a strcpy() function causing an overwrite of the return pointer leading to arbitrary code execution.
2ed851c0d5344e61f6b11707f88d95f097e974d5f1349cbebf251d2984413149Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.
24843727412d5938ac625ddc4bb6aab5f7d5861d0d325fc6c554bc97ae658cadICSiteBuilder version 1.1 suffers from a remote SQL injection vulnerability.
d846c3a47125577b643025f567c96c2681811ef4dea5ffe1174c69065ca691d9ICAffiliateTracking version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9a30061775b1807495e3bff4c462930cef6b08569e42276731b5bba20cfd2bd3This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.
69837ade3b0e068ebe61226b3a690e4667a8c0997588612954ef1a13ff2efc5eThis Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested
4bbb870204cb160404324362d5f655c2e6ad6e3dcfa95efd62ae7ff34223ceddThis Metasploit module exploits a stack based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet the 3rd dword is used as a size value for a memcpy operation which leads to an overflown stack buffer.
372002f341dbcef63350dadde1e01f17c8f3958551e72cc9370cf9d47ca6fe34This Metasploit module exploits a buffer overflow vulnerability found in haneWIN DNS Server versions 1.5.3 and below. The vulnerability is triggered by sending an overly long packet to the victim server. A memcpy function blindly copies user supplied data to a fixed size buffer leading to remote code execution. This Metasploit module was tested against haneWIN DNS 1.5.3.
69375272f6b85af018f67e431cd2eee59a7193612cbbd63b5056a57a70383cd9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed