QEMU Guest Agent version 2.12.50 suffers from a denial of service vulnerability.
phpMyAdmin version 4.8.1 suffers from a local file inclusion vulnerability that can lead to code execution.
phpLDAPadmin version 1.2.2 suffers from a server_id LDAP injection vulnerability.
GreenCMS version 2.3.0603 suffers from a sensitive information disclosure vulnerability.
phpMyAdmin version 4.8.1 suffers from an authenticated local file inclusion vulnerability.
NewMark CMS version 2.1 suffers from a remote SQL injection vulnerability.
LFCMS version 3.7.0 suffers from an add user cross site request forgery vulnerability.
Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the application's web directory. This issue is further compounded as the Linux version of the Orchid Core VMS application runs in the context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read. This Metasploit module was tested against 2.0.5. This has been fixed in 2.0.6.
Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.
TP-Link TL-WA850RE suffers from a remote command execution vulnerability.
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
LFCMS version 3.7.0 suffers from an add administrator cross site request forgery vulnerability.
Mirasys DVMS Workstation versions 5.12.6 and below suffer from a path traversal vulnerability.
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
Opencart versions 3.0.2.0 and below suffer from a google_sitemap remote denial of service vulnerability.
ntp version 4.2.8p11 local buffer overflow proof of concept exploit.
VideoInsight WebClient version 5 suffers from a remote SQL injection vulnerability.
Redis version 5.0 suffers from a denial of service vulnerability.
MaDDash version 2.0.2 suffers from a directory listing disclosure vulnerability.
The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.
The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account, which allows creation of arbitrary object directories and leads to privilege escalation.
Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.
MagniComp SysInfo contains an information exposure vulnerability through debug functionality. Versions SysInfo 10-H81 and above are not affected.
RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross site request forgery vulnerability.
Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.