Port Forwarding Wizard version 4.8.0 suffers from a buffer overflow vulnerability.
d80cc71d902a2f8063701473c1de716c02b83a3515108e0fc11a2f1b0d52a54eMiniTool Partition Wizard ShadowMaker version 12.7 suffers from multiple unquoted service path vulnerabilities.
b65c7f242f90cef498d3dec84608658f583d76707f10f01c7ede7b38725ddd96This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on FortiNAC versions 9.4 prior to 9.4.1, FortiNAC versions 9.2 prior to 9.2.6, FortiNAC versions 9.1 prior to 9.1.8, all versions of FortiNAC 8.8, all versions of FortiNAC 8.7, all versions of FortiNAC 8.6, all versions of FortiNAC 8.5, and all versions of FortiNAC 8.3.
b72056fdc9840a37268bab3325c1941ddb0082c5918cf14fec39001b268b461dThis Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user. Valid credentials for a Nagios XI user are required. This module has been successfully tested against official NagiosXI OVAs versions 5.5.6 through 5.7.5.
e1e14a22eb63b8baf6d8bc7b7a7a42d07a444dd4ad650863cfe3c7cce4239771MiniTool Partition Wizard version 12.0 suffers from an unquoted service path vulnerability.
9564c84c9c680a2e3b84d7e006b54b17112ceb1af52c126a8b5cd5386a345955Audio Conversion Wizard version 2.01 suffers from a buffer overflow vulnerability.
605f74098a9e1207ebaa626a713a4b35b630680fc268c569f358559bb81db913A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected components include SAP Netweaver JAVA versions 7.30 through 7.50 and LM CONFIGURATION WIZARD versions 7.30 SP019 Patch 0000, 7.30 SP020 Patch 0000, 7.31 SP023 Patch 0000, 7.31 SP024 Patch 0000, 7.31 SP025 Patch 0000, 7.31 SP026 Patch 0000, 7.40 SP018 Patch 0000, 7.40 SP019 Patch 0000, 7.40 SP020 Patch 0000, 7.40 SP021 Patch 0000, 7.50 SP012 Patch 0001 and lower, 7.50 SP013 Patch 0002 and lower, 7.50 SP014 Patch 0001 and lower, 7.50 SP015 Patch 0001 and lower, 7.50 SP016 Patch 0001 and lower, 7.50 SP017 Patch 0001 and lower, and 7.50 SP018 Patch 0000.
978750433543ec4b63047fcf6b6926f902e63282e32e39e3576f962e8997c767CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
8227decab2e3303eb2fd3fd07c388f1eab6298ce3df14f3c461ac9bd2a02e376Microsoft Windows WizardOpium local privilege escalation exploit.
8f4ff290f618c7ae82d5e4a5c6a3a8d15528402a776ef0a67b0092135caef4a2This Metasploit module exploits an unauthenticated HTTP POST SEH-based buffer overflow in File Sharing Wizard version 1.5.0.
5ba4934d2c6e2bc26de53ab037769cf889d219ee535dd367281aadff1d2fbd42File Sharing Wizard version 1.5.0 POST SEH buffer overflow exploit.
241a76ac0e6d69be0753a743ecf0138c986af056b02442e8e5a4e9b4c2299b78An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
8aa24d5f0536dc8ab8ba5a04208bb67d10be44f374d522d992546b0c6b964e41An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
1e92ae0c5278fc1a1ef7d635b6034490e6b56ed89def0c3158b907b154633917ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
4aaf94db4e589d54ade6361b661410c42198d5fa12a1169521022005f49c9622ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
8c3bf8eacd72ce4aa2ac52d22f3e789d9459dc63c18d2e1bc0e23a7ae549264dJungo DriverWizard WinDriver versions 12.4.0 and below suffer from a kernel pool overflow vulnerability.
a9ede77e400c88f06f5967153face06cc5dd84995cae8db5727593ad0988cae3Jungo DriverWizard WinDrive suffers from a kernel pool overflow vulnerability.
dca515772a97244268c6a74660ac805849667ca4797270d13edabd00dd2a3754Jungo DriverWizard WinDriver suffers from a kernel out-of-bounds write privilege escalation vulnerability.
3f35127cf2e468c00ca30d9820ac92892af0f635d478118670c971a69fe4071bThis Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
8ddb1a945ada9b3f2ebf3b8e336bdc88bf5149693c808df3c19f3707231f2f4dA Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
4c747ff421514b04d85a245812dc63289687125e8c22e296fad9d732501c0200ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
a91e75b6cb8cb107cb890a35522795d33084b9d4aeb07cc15981c44268ec81efA Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
de001b81914740972faf4bd4d0ea388e8757a9bfd02dd6b63707be348929904aipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows to select the query options in a wizard based manner.
831fe3a7c0e35af7cc62968e2a73dcad829835caaddc1d8a3592e280d606280bA Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available in order to build configuration files in a wizard based manner. Extensive documentation is also included.
1776a45062cfe3936e51bcfdbca58205ae2d5cbb6213066d96bedbe4afaeeed3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed