CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.
1cbcf8ed9ea5ef18b9981873d99697ebWordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.
4e1fd052af536e388490d26a91809868Chrome suffers from floating-point precision errors in Swiftshader blitting.
7b98d22e3cda5e01a29a389816481305MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.
ad2681c777df161b9e3674786e010194Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.
94c654dcb20a0856b832d97f6fed38a0Adobe Systems Mail Lead DBMS suffers from an arbitrary code injection vulnerability.
ada369cd2544ba228b1d487fb353258dChrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.
b3eb960cb7d3278d871332f5993c7d6cLinux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.
4596fc215a7899eb6de8fccca0e92708Barracuda Cloud Control version 7.1.1.003 suffers from a cross site scripting vulnerability.
ff2e83501f0a7393dc41facb92cd154fBarracuda Cloud Control version 3.020 suffers from a cross site scripting vulnerability.
f23473cf4a6e820950f67bcee0f9bdf1Modx Revolution versions prior to 2.6.4 suffer from a remote code execution vulnerability.
6676ba0c95250f29f12815696ab2b9e4Smart SMS and Email Manager version 3.3 suffers from a remote SQL injection vulnerability.
a6d5202d3365300bb015064a17f8729dJavaScript Core arbitrary code execution exploit.
451614b5b6654ae9f5e8d9bc10001aefOpen-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.
8d1bccdf395bdfdaa21807febf23168eGhostMail suffers from a malicious script insertion vulnerability.
f901762c2d372d257852aa2cacd2355dGhostMail suffers from an html injection vulnerability.
6e046d902f12ab4c5fe434396b98bedaFTP2FTP version 1.0 suffers from an arbitrary file download vulnerability.
9d314c56059d12b0cc6aec73b088a155Binance version 1.5.0 suffers from an insecure file permission vulnerability.
23ab79875476d303569e9a725683a7deHomeMatic Zentrale CCU2 suffers from an unauthenticated remote code execution vulnerability.
ccea6d6c54fb9e1b819b5ac388864b05TP-Link Archer C2 router version 3.0 suffers from a remote code execution vulnerability.
1302020fff90f9bf889d5052ca5179b1This Metasploit module exploits a command injection vulnerability in the change_passwd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required, however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This Metasploit module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.
53cb0615ae05a91ee87abd7989407825This Metasploit module takes advantage of miner remote manager APIs to exploit an remote code execution vulnerability.
087e63649653e40f11058ac152fe30afMicrohard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.
3679d738983dec17aa3243aa408c3212Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from an open redirection vulnerability. Many versions are affected.
afbbf88e9876ec95b9eb0b84ade6d536Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems suffer from a system backup configuration file 'IPn4G.config' in '/' directory or its respective name based on the model name including the similar files in '/www/cgi-bin/system.conf', '/tmp' and the cli.conf in '/etc/m_cli/' can be downloaded by an authenticated attacker in certain circumstances. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access. Many versions are affected.
e8955597bdd0224a62bfdb870b980cf0
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed