Eset Mobile Security application for Android version 5.2.18.0 suffers from an application locking bypass vulnerability.
5939e461c6d3bb8e52eab172d8654d36Honeywell MCR Web Controller suffers from cross site scripting and path disclosure vulnerabilities. Versions affected include XL1000C50 EXCEL WEB 52 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C1000 EXCEL WEB 600 I/O, XL1000C50U EXCEL WEB 52 I/O UUKL, XL1000C500U EXCEL WEB 300 I/O UUKL, XL1000C100U EXCEL WEB 104 I/O UUKL, and XL1000C1000U EXCEL WEB 600 I/O UUKL.
003b47896ad21065085529e4e711beebAn issue exists where Adobe Acrobat Reader DC for Windows makes use of an uninitialized pointer due to a malformed OTF font (CFF table).
bae53b75b8cc138268f5e6384fcb5d63An issue exists with Adobe Acrobat Reader DC for Windows use of an uninitialized pointer due to malformed JBIG2Globals stream.
2e0983da88e101353889315463cb5bd1iMessage suffers from an issue where decoding NSSharedKeyDictionary can read an ObjC object at attacker controlled address.
44b9493651f02f67170dee4980389e1aiOS IOUSBDeviceFamily version 12.4.1 IOInterruptEventSource heap corruption proof of concept exploit.
b070d13153419dd7869767dbd75340b8XML Notepad version 2.8.0.4 suffers from an XML external entity injection vulnerability.
1b52bf53b8930e6a789d32d244819661PunBB with SQLite appears to store its database within the webroot, allowing it to be retrieved by attackers.
4cdd50b4b325603af71d3727a24a9722Alps HID Monitor Service version 8.1.0.10 suffers from an ApHidMonitorService unquoted service path vulnerability.
5224866c9038b30d76b7c791da64ae37GCafe version 3.0 suffers from a gbClienService unquoted service path vulnerability.
87ba1fc068e710159ab492b215c8f999The Chrome Payment Handler API suffers from site isolation bypass and local file disclosure vulnerabilities.
a0e44b48eda93d22f89c1bb42d02f804Nextcloud 17 suffers from multiple cross site request forgery vulnerabilities.
b613cc280057db8886536325e5bf276dAdive Framework version 2.0.7 suffers from a privilege escalation vulnerability.
fabbbf5ca28fd0f0d55a57bb29f69d80SolarWinds Kiwi Syslog Server version 8.3.52 suffers from a Kiwi Syslog Service unquoted service path vulnerability.
8d7bc2683cb6f64137f2da91f394f308Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.
2c5ebf0addb47107e060f7e5c07dad3eThis Metasploit module exploits the SNMP write access configuration ability of SNMP-EXTEND-MIB to configure MIB extensions and lead to remote code execution.
7bbcbcc6643285e6383d196644e39589This Metasploit module exploits CVE-2017-13156 in Android to install a payload into another application. The payload APK will have the same signature and can be installed as an update, preserving the existing data. The vulnerability was fixed in the 5th December 2017 security patch, and was additionally fixed by the APK Signature scheme v2, so only APKs signed with the v1 scheme are vulnerable. Payload handler is disabled, and a multi/handler must be started first.
64f1c304613a13c0a1b0f19f8913efecThis Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).
5a8c7959c835ac3cbcc733bb6b9b60acAdobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to the admin web interface even though the passwords might be different, and therefore bypassing authentication on the admin web interface leading to arbitrary code execution. Tested on Windows and Linux with ColdFusion 9.
b279a1c376f201d8307caf2142e52d50WebKit suffers from an integer overflow in NodeRareData::m_connectedFrameCount that can lead to universal cross site scripting and type confusion.
ab1e8dd57e42d668deb196080d883ef1Adaware Web Companion version 4.8.2078.3950 suffers from an unquoted service path vulnerability.
57dbed68045118e90b9baabce5bbe9ceSmartwares HOME Easy versions 1.0.9 and below suffer from a database backup information disclosure vulnerability.
a90a2eeaa15741bc8a9528865b6bb7ecSmartwares HOME Easy versions 1.0.9 and below suffer from a client-side authentication bypass vulnerability.
f67e26679be00cf74fa3d262f62a1becParallels Plesk Panel version 9.5 suffers from a cross site scripting vulnerability.
c5350e2e3a070c750e1ecf208c0d70f7QNAP NetBak Replicator version 4.5.6.0607 suffers from a QVssService unquoted service path vulnerability.
7c4c8d84258f0ed0958f4d22376f986c
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed