The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided.
37ab5bd3eec6195dfddf3099592e9cd3aad7e37d04562dd4ebba3cbc36289fe3MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.
0ccbebf140226df810122f520adfba7097e335f9c1626f1162be12918d0909ffWebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.
8b5b037a7c556813e39c8ace7602b2465e0d1f1bd48644498c3c77c7c30f96e6Ubuntu Security Notice 3866-2 - USN-3866-1 fixed vulnerabilities in Ghostscript. The new Ghostscript version introduced a regression when printing certain page sizes. This update fixes the problem. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.
d3b572b9e8dd59539d1f53e077357aac14bc80c5a7b56bc9204c9a39e33d44ecMikroTik RouterOS versions prior to 6.43.12 (stable) and 6.42.12 (long-term) firewall and NAT bypass exploit.
76d8b41f9f478dd81cf50cfdd51f6592ff6a23a044fbd5ad0d719cc3c7cef3acScreenStream version 3.0.15 suffers from a denial of service vulnerability.
80f8bc6d09f3f73b635472cc2a3b5a76617279a448667494a4129e4dde624995C4G Basic Laboratory Information System (BLIS) version 3.4 suffers from a remote SQL injection vulnerability.
105a483e409804b0fff0748e498f8c46b68c513d439a743dd34f7fe6876f970fVirtual VCR Max version .0a suffers from a buffer overflow vulnerability.
21edc1d24274891ee85c0133cca0fcc971802d357249b4f867cef403acaf597fAirDrop version 2.0 suffers from a denial of service vulnerability.
7ad6c43ffaed0009c5c879421a4c957c290c029e10ba022d3e483bb5eeae09adMedical Store Script version 3.0.3 suffers from a cross site scripting vulnerability.
9a1f801acf5c5bce1ff29459f7e08eaf2a58362ad4ce999902e39a814070683dWordPress Village theme version 5.0 suffers from cross site request forgery, backdoor access, and remote SQL injection vulnerabilities.
27adfafedcfe47f73c1954865735f79c81c28a637bc1740b0417e8fa73c37141Typo3 CMS Modern Guestbook tx_veguestbook_pi1 version 3.3.0 suffers from a remote SQL injection vulnerability.
a2dea393d022fd3fa2f6800c76deb936c546eb08ce2d45be2801966f31ac584eJoomla AdsManager component version 3.2.0 suffers from cross site request forgery, database disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
01c4a4784a6d62f40a52fc15f9c5a3368ca70716e3f78820d5e7d3a4534d5d72Drupal Pubdlcnt module version 7.x-1.2 suffers from an open redirection vulnerability.
5a5e2cc4bc34572b323417c64f4e9650678715862a7a81a19fe3a2f57fbcb7ddValentina Studio version 9.0.5 suffers from a buffer overflow vulnerability.
993dc07913420503fd7e4b429c9b0779d6f5e0eed0972d0e32e174e6c0172efaRealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.
801b86d255328b3fedc995c0bcbbcc29d2ca3f7b6e8522ecf7a4d5babd746c01EI-Tube version 3.0 suffers from a remote SQL injection vulnerability.
587d00f17a692f0c85c44ba747af330fcc83ab6847b6e816bf0bdda4efbf8e34
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed