Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
85615421d4b8774b861196ab8f62be4fJoomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.
4b0437df2bd830c4aa1d70bad7749fffphpTransformer version 2016.9 suffers from a directory traversal vulnerability.
72718c9c8004fad0184a37c86c1f7514phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.
fd601c1dcbdbbcdfcb6ff05f7608680cSeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.
9f2299407ce91ffabeb1fed35708460fDotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
721641e0fe9facec0b882f0b53c699f4This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
9e47bc329db56a10368c5886b4673495SCP clients have an issue where additional files can be copied over without your knowledge.
626b8f9ed7ac34747bdfe8ac1d82a454FastTube version 1.0.1.0 suffers from a denial of service vulnerability.
b0a8feeb4554e9665b0fff11cd0742fcEco Search version 1.0.2.0 suffers from a denial of service vulnerability.
548fa4c8f731973b2b0da797bad462e2One Search version 1.1.0.0 suffers from a denial of service vulnerability.
440e69004749262fcac493df8490d477VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.
2c89b75417ef55c71fe7d5f2830e7c497 Tik version 1.0.1.0 suffers from a denial of service vulnerability.
b9738c9c7801be73bb212abb7c5d58ccWatchr version 1.1.0.0 suffers from a denial of service vulnerability.
23fcf967de504a6a7860458912eff2d8Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
43954049af42d6f9760693a7a6a692deMozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
fe019fa6ad6c40086ca4f91c26ff77f8Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
94b83feccca12141f97e4a4996b14321Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
04e442a342d11d6ebcdf78f719bbbf63Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
1f0d1a5760ad50229ec53fa02c921fefJoomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
f7725173a86620e012164a7a17e2dfa1In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
5c28c1a80c423bfe8ef6de5aa3f1170bMicrosoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
46eb78a54630f51f57be7bcdca2fa397Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
d5cc68c9e775edbaf57809134a79ebcbBlueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
e2fcb7c12aedd4cbe1a64e468bb035e4ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.
d6775f8fba2dee0067eb79a6bbafd88f
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed