eventreg.oracle.com suffers from a cross site scripting vulnerability.
1a3cc8c008bca4a51860ddf21b3ec91bDefault credentials in Adobe Experience Manager (AEM) versions prior to 6.3 can lead to remote code execution.
e16c1926d28aab23d1dc10543db6f4a9D-Link DSL-3782 suffers from an authentication bypass vulnerability.
82877c3443f5f0d83fd34a6e522f4f8aEasy MPEG to DVD Burner version 1.7.11 local buffer overflow SEH exploit with DEP bypass.
2d2c9f99e2e27977fff8243f09ccfb09Joomla EkRishta component version 2.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
bbb01327012f75900dff9c4486d2bd9bmySCADA myPRO version 7 has a hardcoded FTP username and password.
b36ac90484f85fddd1f5a1d02d46eabbThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04 (x86_64) with kernel version 2.6.32-21-generic.
ca0aaa65162c3d2e20a520b81415f4aeHealwire Online Pharmacy version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
9196695291014c0d67db9bdd80d678ffThis Metasploit module exploits an expression language injection vulnerability, along with an authentication bypass vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04 to achieve remote code execution. The HP iMC server suffers from multiple vulnerabilities allows unauthenticated attacker to execute arbitrary Expression Language via the beanName parameter, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 8080 and 8443 by default. This Metasploit module has been tested successfully on iMC PLAT v7.3(E0504P02) on Windows 2k12r2 x64 (EN).
409c199dae62513789f6016cba7903bdSAP B2B / B2C CRM versions 2.x up to 4.x suffer from a local file inclusion vulnerability.
d9253407b7b389816488abe6d1a1e481DynoRoot DHCP suffers from a client command injection vulnerability.
2e8a721a5d5bb1c6f66a40274aea5ae1Infinity Market Classified Ads Script version 1.6.2 suffers from a cross site request forgery vulnerability.
bd90cdb52547245a61c4cbdb0d6e87eePrime95 version 29.4b8 SEH buffer overflow exploit.
f8f20d97ff558024599a9ee8ee40f52eCisco SA520W Security Appliance suffers from a path traversal vulnerability.
d8f45b8bfc45f6a23ec142f301ed9a58Multiple Siemens SIMATIC panels suffer from cross site request forgery and cross site scripting vulnerabilities.
52fd7f7488e289fc4a42c19a2bd6d53bLinux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.
3e22473d4edff1e68082884c6f7a235bChakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly remove the bound checks.
09442d487262053ca44c67ade9eacecbSAP NetWeaver Web Dynpro versions 6.4 up to 7.5 suffer from an information disclosure vulnerability.
8067c3689144753ad6dd851439ba0e9fMonstra CMS versions prior to 3.0.4 suffer from a cross site scripting vulnerability.
1f1f0e7cdd0eff105e7fcaf27d217cefThis Metasploit module exploits a heap-out-of-bounds write in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2017-7308). The bug was initially introduced in 2011 and patched in version 4.10.6, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu Xenial kernels 4.8.0 < 4.8.0-46, including Linux distros based on Ubuntu Xenial, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 18 (x86_64) with kernel versions: 4.8.0-34-generic; 4.8.0-36-generic; 4.8.0-39-generic; 4.8.0-41-generic; 4.8.0-42-generic; 4.8.0-44-generic; 4.8.0-45-generic.
619464075778b62a92b3753066e120baIntelbras NCLOUD 300 version 1.0 suffers from an authentication bypass vulnerability.
388ac8e1c27e9c1b841bbf975ca1481aNanopool Claymore Dual Miner version 7.3 suffers from a remote code execution vulnerability.
8623321185104823c8fa7a0e5ca0190fPowerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.
2ef17c9ee603982d018c378cdb7b105cSuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.
eee904a60e89110b7191ba2d167bbfb3NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.
c44435ac73194c9205c2e0f6fdab2a8b
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed