In certain versions of the DM FileManager WordPress Plugin, the security_file parameter does not correctly check the source of a file before including it, leading to a remote file inclusion vulnerability that can be leveraged to gain remote code execution.
DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.
DANGEROUS MAILER-CLONED version 2.0 suffers from an information leakage vulnerability.
DMCA.com suffers from improper access control, persistent cross site scripting, and improper input validation vulnerabilities.
Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
DMA Radius Manager version 4.4.0 suffers from a cross site request forgery vulnerability.
Directory Management System (DMS) version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass.
DesignMasterEvents CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Dongyoung Media DM-AP240T/W wireless access point remote configuration disclosure exploit.
Dialog Mobile Broadband version 23.015.11.01.297 suffers from a DLL hijacking vulnerability.
This Metasploit module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to the DWRCS executable listening on port 6129. The username is copied with strcpy(), which overwrites the return pointer and leads to arbitrary code execution.
Red Hat Security Advisory 2017-0828-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0829-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.14. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0827-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0517-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable by the jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content is executed with root privileges when the jboss service is started, stopped, or restarted.
Domains Marketplace Script version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
DMA Radius Manager versions 4.1.5 and below suffer from a cross site request forgery vulnerability.
DMarket version 1.0 suffers from a remote PHP code injection vulnerability.
DMPIndia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
DM Filemanager version 3.9.11 suffers from a remote shell upload vulnerability.
DM Database suffers from a memory corruption vulnerability in the SP_DEL_BAK_EXPIRED procedure.
Destiny Media Player version 1.61 universal buffer overflow exploit that creates a malicious .pls file.
DM FileManager version 3.9.4 suffers from a remote file disclosure vulnerability.
DM Albums version 1.9.2 and WordPress plugin suffer from a remote file inclusion vulnerability.
DM FileManager version 3.9.4 suffers from a remote file inclusion vulnerability.