Template Security has discovered a serious denial of service vulnerability in the BlueCat Networks Adonis DNS/DHCP Appliance. When XHA is configured to place two Adonis servers in an active-passive pair to provide high availability, a remote attacker can transmit a single UDP datagram to crash the heartbeat control process. This can be used, for example, to create an active/active condition in the cluster pair.
TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.
TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.
TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.
Time Slot Booking Calendar version 1.8 suffers from a cross site scripting vulnerability.
Piwigo version 13.5.0 suffers from a remote SQL injection vulnerability.
Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.
WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.
LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.
T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.
T-Soft E-Commerce version 4 suffers from a cross site request forgery vulnerability.
This document is a guide on how to use tshark effectively to monitor and analyze traffic.
Envira Gallery Lite edition version 1.8.3.2 suffers from a cross site scripting vulnerability.
Typesetter version 5.1 is vulnerable to code execution via /index.php/Admin/Uploaded. An attacker can exploit this by uploading a zip that contains a malicious PHP file inside. After extracting the zip file containing the malicious PHP file, it is possible to execute commands on the target operating system.
GilaCMS version 1.11.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by AvastBrowserUpdate.exe (which runs as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates.
Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
Terminal Services Manager version 3.2.1 denial of service proof of concept exploit.
Technical Support Juxiang Network China version 1.0 suffers from a remote SQL injection vulnerability.
Terminal Services Manager version 3.1 SEH local buffer overflow exploit.
G DATA TOTAL SECURITY version 25.4.0.3 suffers from an ActiveX buffer overflow vulnerability.
A vulnerability allows local attackers to escalate privileges on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.
In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
Panda Global Security version 17.0.1 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through the use of an insecurely created named pipe.