Adobe Flash suffers from a blur filtering out of bounds write vulnerability.
88c1fee8c2461e70f8fb6ccd45168207Adobe Flash suffers from an image inflation information disclosure vulnerability.
5a8202b546643e77eb7e2ebee544e14cAdobe Flash suffers from a sound playing overflow.
764b0bb1ef3ed5a38a8acdb4c7362484Adobe Flash suffers from a slab rendering overflow.
b512de2dc1d1e5461cd3384d37330c84This Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This Metasploit module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).
baa73891b2b9f0118971e92d8daa13ccThis Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.
0b841685aaa09cefb0a9621293d64a94Drupal Avatar Uploader module version 7.x-1.0-beta8 suffers from an arbitrary file download vulnerability.
f71fbf325b46560419ed396682ba3a33Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.
d8ca369d4de256bff5cc0437ef5167b1DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.
4c7d83cfec04d1724b9d118fb3cd42e1Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.
8f802c6b5e7355817d785abe182618e6Cobub Razor version 0.8.0 suffers from a path disclosure vulnerability.
576cf5b28eecb06a93ee4f29e77f29c5Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from a persistent cross site scripting vulnerabilities.
26ee374c709608e517d6ee7adb023c0bSeagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from a path traversal vulnerability.
87a733abc7f20117965d25472991a72bSeagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 allows for moving of arbitrary files.
4a1b51ad89566e53f422c327f916fb1cThe enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
9af4ae4b97751a5713a7402ad0feb6c6Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability.
4580a4c26b72fed29c24bcb9499af56fDigital Guardian Management Console version 7.1.2.0015 suffer from a server-side request forgery vulnerability.
fb6b58b0bab3666f08404066bdb8c0bcLutron Quantum versions 2.0 through 3.2.243 suffer from an information disclosure vulnerability.
5fbf3f349a5f2b4e47f15ecd8b2d37f3WordPress Caldera Forms plugin version 1.5.9.1 suffers from a cross site scripting vulnerability.
8a71154dd8f78326e22e2125132af1b6Facebook Graph groups crosswalk user's metadata mapping weakness demo proof of concept script.
cedc3e5b3dddf3d9c0b7c2ff3cd164acJoomla JS Jobs component version 1.2.0 suffers from a cross site request forgery vulnerability.
767f3b2c945b596633a81343fe04997dGeist WatchDog Console version 3.2.2 suffers from cross site scripting, XML external entity injection, and insecure file permission vulnerabilities.
4811ca31e7f5fe461ed4376e43851eccMatch Clone Script version 1.0.4 suffers from a cross site scripting vulnerability.
056162856f9fe31ccf79ec69a6eb04f0Rvsitebuilder CMS suffers from a backup disclosure vulnerability.
46aa749ab9797f353df4c50755a57811MySQL Squid Access Report version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
57dcbbb92acfac828907d96c7d9bebee
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed