WordPress FormCraft Premium WordPress Form Builder versions 3.2.31 and below suffer from a persistent cross site scripting vulnerability.
2836e5dad51c51e3bb783c98e382066bWordPress Ultimate Affiliate Pro plugin versions 3.6 and below suffer from a persistent cross site scripting vulnerability.
e78c775ae995bd10eec13327774bc13cUbiquiti Networks products suffer from an open redirection vulnerability. Products affected include, but are not limited to TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23, AG-HP-5G27, AirGrid M, AirGrid M2, AirGrid M5, AR, AR-HP, BM2HP, BM2-Ti, BM5HP, BM5-Ti, LiteStation M5, locoM2, locoM5, locoM9, M2, M3, M365, M5, M900, NB-2G18, NB-5G22, NB-5G25, NBM3, NBM365, NBM9, NSM2, NSM3, NSM365, NSM5, PBM10, PBM3, PBM365, PBM5, PICOM2HP, and Power AP N.
d8a96607ecdf34caf2ce76f9750a5348Ubiquiti Networks EP-R6, ER-X, and ER-X-SFP with firmware version 1.9.1 suffer from a cross site scripting vulnerability.
9ea2bb02f107be6df0906b4c0a16edf9WebKit JSC suffers from incorrect LoadVarargs handling in ArgumentsEliminationPhase::transform.
3329e3b7383b6891153dfafff93bf8beWebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
04b54b4fde19de5e3ff97538dc8015b4WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
84e9da66fe8fee86e5c1ebabf24d65ccWebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.
a4dea82325ce2ff7147bae6f3044af5bWebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.
d5accb37ff0433ed20451be2bf8d0d2aWebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
84bb52539cff54ae0d806d9a294724dcWebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
f406ef3e1b6958dc221da9cb7f623349WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
3a6a7d8569e29c1fb12610c995fbb00fWebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
c8f489da13b7b258afa1030ba904ea43WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.
da248021643aa56bbe3143261555b3ceMEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.
4060ece78c50b2cf07b1ff050beb19bdWebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.
fdfb04b663dc8d80c76b553252701587WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
8ee249918143ed15fd4a0095efcb75b7WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.
61302137db1706d8e9bb703e1fa8e6bbRedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
f9322f1de37bb8d2ca55321984365985RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.
f3b3c14230e3b45ae8be25be44376f4bRedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.
5a981daa4f44e53cddc62b4f55f0e6beMAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.
f76cf831d1aaa6799ae5841ed1ae6276RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
664727fa4f3052f0f5a5c85f3ffeae92This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
386fa43dc27bca19440cf9b03bd04679RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
9a8f679c770ecd3442415c5f9eb1fcee
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed