Oracle Web Center versions 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0 suffer from a cross site scripting vulnerability.
1e3f00f41f33004fa4e281208e66410bThis Metasploit module exploits a buffer overflow during user registration in Easy Chat Server software.
ea660b80899722585fc2d5713b8b135fA vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.
05dbcbf512b9be0da1b9ceddb93d860cIPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
1f8ebd286acb009b1e30960495f5b74dThis Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
97f5f8a82932db45a47b13397a65ccd6This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
b76c5685a0298b752e8aaaf4f214e190PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.
8a037c93fb00af442cd3d7d4c290d773Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities.
11e5fce5fce1522aabed9b6b047e5214NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.
bd6afe493c6cb60bbef4cc206749064aTrustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
9c01feb9f591e95fb6fa6abb1652bfccVirtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
8369a81037615f726ea8562ceb9f8e70SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
4fd64fa016fa5e25eb328a8cf4cbe71dJoomla JoomRecipe component version 1.0.4 suffers from a remote SQL injection vulnerability in search_author.
8e221f04a1069e35f5027530227e087bSonicwall Secure Remote Access (SRA) version 8.1.0.2-14sv suffers from a remote command injection vulnerability.
3e9b87e20111ec904389983baa4b9646WordPress Task Manager Pro version 1.31 suffers from multiple cross site scripting vulnerabilities.
277685ee784f659f986136cf25ef9665Citrix CloudBridge suffers from a CAKEPHP pre-authentication remote root cookie command injection vulnerability.
c2ccb69375ec5cc51c43f5d8342cbe14Sonicwall version 8.1.0.2-14sv importlogo/sitecustomization remote command execution exploit.
f4bad59c7c3ffd31bf7c765213c2fc43Citrix SD-WAN version 9.1.2.26.561201 logout cookie pre-authentication remote command injection exploit.
ef406c56f17330fc66b94fbd4fbe376aSonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
1b8a31b46825c7465b2937b76b39b411Microsoft Internet Explorer suffers from a VBScript arithmetic function type confusion vulnerability.
36041e9339d744ded4732a8610849612Bitcoin Core Wallet version 0.14.2 proof of concept crash exploit discovered while fuzzing.
38651d8c18a430e9febe00800a5f7136Barracuda Load Balancer Firmware versions 6.0.1.006 (2016-08-19) and below post-authentication remote root exploit.
dd9661cd7ce5c9e5b97ed4caa71a55d1Various GPC Sanitization bypasses exist in Cisco WebEx that can permit from arbitrary remote command execution.
d813975ef580e832e44c2ebb87aba929Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
cdc2215843df74b066e451921f6fea5cThe Microsoft Windows kernel suffers from a nsiproxy/netio pool memory disclosure vulnerability in the handling of IOCTL 0x120007 (NsiGetParameter).
5fb0a00432c51065a4d436704124521c
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed