This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact" files <c:Url> node param which takes an expected website value, however if an attacker references an executable file it will run that instead without warning instead of performing expected web navigation. This is dangerous and would be unexpected to an end user.
52e7fff8b2469f2e46e7461221da6fa33e56fb572f280f549b64f91c087847d7GL-AR300M-Lite version 2.27 suffers from command injection, file download, and directory traversal vulnerabilities.
9c220137b98425fa5b66ac1679a50818c67ea12d2273b2dfd6e619e3d5fd36d7Roxy Fileman version 1.4.5 suffers from an arbitrary file download vulnerability.
c5c2d45dc567cb6eb279f46afbecebee3da3ce5e0ddee95feceef1aa8552bbd4Coship Wireless Router versions 4.0.0.48, 4.0.0.40, 5.0.0.54, 5.0.0.55, and 10.0.0.49 suffer from an unauthenticated admin password reset vulnerability.
8cf4fa6b17973d26fa8b7033f6326d26dc5c3c9b76556f9b7feb4e784bad0fdeFortiGate FortiOS versions prior to 6.0.3 suffer from an LDAP credential disclosure vulnerability.
9b58e264417085aa0cdd66440bce3e7bf404456ec14f6b215c9ba1ca0eb74588This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. It requires a CLSID string.
5e3f05cf275d9d2ae02e2d4ec7ec57c79e4e8a2edb6c3200d02245aa852d0ddaThis Metasploit module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting in arbitrary code execution as root. This module has been tested successfully with blueman version 1.23 on Debian 8 Jessie (x64).
85a43e99c894940e1f5253b2c619f91dc4dfc4fda5382f9ab944cf794316f8d4A number of Partial Trust Windows Runtime classes expose the XmlDocument class across process boundaries to less privileged callers which in its current form can be used to elevate privileges and escape the Edge Content LPAC sandbox.
c424c234f0bbbf82e0e97152ab4029060170b5ecdc5e371726a2bbc2a62a4a45The WinRT RestrictedErrorInfo does not correctly check the validity of a handle to a section object which results in closing an unrelated handle which can lead to an elevation of privilege.
7368ae1fbc7a1684f268e0456e118a6d77785b364e0f6b92f66b35659a90b7d1Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.
8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6dEuskalHack Security Congress Fourth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fourth edition. The participants include specialized companies, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 21st and 22nd of June 2019 in the lovely city of Donostia, San Sebastian.
10cda2c1e56b8ff71214fb0e76b94aee173a5bd4df367f6636c51869ea58ef6fMany scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.
7fa072fc8f371c8cc4668eb863810286b6651faaf3b8efdcdeee1bc7d0a40099The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it is missing some cases such as StringCharAt, StringCharCodeAt and GetByVal that might cause a garbage collection via rope strings. As a result, it can lead to a use-after-free condition.
bc8f411013dffe95aeaebd8e26ff3d39ee578b4902d99f8e61e2efdb6d784584ownDMS version 4.7 suffers from a remote SQL injection vulnerability.
a29f20f6703fe6c36fe03fc96c5c4f04dc371255e3894f45c3a4f993da2b6a841Password versions prior to 7.0 suffer from a denial of service vulnerability.
ef142489adece1b1e6f31f1812ddee20236f26a770e4f0a467699df795f8c7daNTPsec version 1.1.2 suffer from a null pointer dereference vulnerability in ntp_control.
b81ba6f1beaa170420ebc0b70461980c9d0d023d7005c5fe2d9b7888f1d87d36NTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ntp_control.
91098aa8aea1e8ef86d75b817008e2b79b289ac2da253fbbfac32b2c82095578WordPress category-page-icons plugin version 3.6.1 suffers from cross site request forgery and remote shell upload vulnerabilities.
ca8ab3912db733d4722a14fa878a451f8517f85dab28ca58db9de271d66fa7faNTPsec version 1.1.2 suffer from a config related out-of-bounds write vulnerability.
6b3433c81fe24dd5ecaf440a32a0aaf724e59d870b7338d082f6f6031434f0ddNTPsec version 1.1.2 suffers from an out-of-bounds read vulnerability in ctl_getitem.
a5e5d13c582d16c594c403824b5b8e67cfc6864c2231bdd1d18a68b31f335c5aWordPress 2013 TwentyThirteen theme version 5.0.3 suffers from an open redirection vulnerability.
17af8d808260cd382bb561a63cd216ad19865d85b01816a105f2f3c8c4691caaDesarrollado por Creator Solution Argentina, Desarrollado por Diaz Creativos Venezuella, Desenvolvido por Ritech Sistemas Brazil, Desarrollado por Rodrigo Guidetti RG21 Argentina, and Criacao sitesrapidos.com.br Web Design Brazil suffer from remote SQL injection vulnerabilities. Desarrollado por Diaz Creativos Venezuella also suffers from a file upload vulnerability.
7f1551c440e4b35038cd546886f8cd2add3bb6648d093aade9dae8762ed8160bAriadna3 Web Design Spain, Desarrollado por C-Diseno Web Design Spain, Desenvolvido por Fidelizarte Web Design Portugal, Desarrollado por OxiGenic Web Design Spain, and Sedinet Web Design Spain suffer from remote SQL injection vulnerabilities.
ac883f9107828f3d57825c0af9d4943308a4415a90ef0fabcb5f9bfca646c32d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed