WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.
cca9ea7f3d456df0c0e3a3e30fed3922Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.
aa4f9f8d14cf8ae3c1ea713bab3c17d0This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to leverage the Cloupia script interpreter to execute code. This functionality is part of the application's intended operation and considered a "foreverday." The authentication bypass and directory traversals only get us there. If you already have an API key, you may set it in the API_KEY option. The LEAK_FILE option may be set if you wish to leak the API key from a different absolute path, but normally this isn't advisable. Tested on Cisco's VMware distribution of 6.7.3.0.
a3283617421910d08a845659be600c53Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities.
aa89a93b4527459f2ae2ef8eb52607afOnline Course Registration version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fc61e51364ffbf260baf70a6f6adda53Quick Player version 1.3 suffers from a denial of service vulnerability.
40cf6545b04e1c24d68ca9ceae3a6b4fThis Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.
8741d1320b67d5240a0da5c63f0f5065This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator enables the ability to trigger method.invoke(), which will execute arbitrary code.
70d9c90a8b31214d86ae1cb6e37b7167CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
d6686dcd290750e64871dcec7268adfcVMWare vCloud Director version 9.7.0.15498291 suffers from a remote code execution vulnerability.
697658590aa5e4209d66313afcf6c893CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
2b40a82dbae2a46bd38664601734d373Navigate CMS version 2.8.7 suffers from a cross site request forgery vulnerability.
70129b1732ee864fbabae6f9f394621eCAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
9a04cbad2c7bcc1e00789b91f73a0061NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.
2e508022471e1a49271d4745b0b3e811NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.
e762859b96e7391cb7c4d0f1d5bc1371Navigate CMS version 2.8.7 suffers from an authenticated directory traversal vulnerability.
e422428b73acd01b8faae4427b9bcb16Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.
71fd7f2810f3f64fb2be820cb487f7b5Online Marriage Registration System version 1.0 suffers from a remote code execution vulnerability.
30df76e6681b75d7099836e01dfd2aeaSecure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.
9068570c9d23605eb5c081c323c3b293D-Link DIR-615 T1 version 20.10 suffers from a CAPTCHA bypass vulnerability.
4a055172c5256e9335439777f8a4cffdUnderconstructionpage versions prior to 3.75 suffer from a persistent cross site scripting vulnerability.
b288398557517cd440d97d8d83ddea66Clinic Management System version 1.0 suffers from a remote shell upload vulnerability.
aef32468a77bdfeb84c28f99eb758777Hostel Management System version 2.0 suffers from a remote SQL injection vulnerability.
6283b938cc0817e4de2f7605525a64c5Oriol Espinal CMS version 1.0 suffers from a remote SQL injection vulnerability.
c02941f13b461b54c222a2bd074379bcNavigate CMS version 2.8.7 suffers from an authenticated remote SQL injection vulnerability.
ab1f04182a74596b013f00e61ba81318
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed