Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.
ba290e4ad8f61e25e13991a6b32e0f12e28123576ee71b01dfcecb7262302d64A Cart version 2.0 suffers from a database disclosure vulnerability.
f02d0af5684e95ea2a0babb2e693e32db722ba7f6a1d94ea916d95540c7adc2eWordPress Google Maps plugin version 9.0.17 appears to leave backups in a world accessible directory under the document root.
156dd68545b65c54c2373a2cda8dd9dda4f59fcde02261a810d41ad5c595eea7WordPress File Manager Pro plugin version 8.3.1 appears to leave backups in a world accessible directory under the document root.
4b88684db05c1e6e30e6201dd62cc4950900d94c6892036e226fe347c047f0f2WordPress Envato plugin version 2.0.7 appears to leave backups in a world accessible directory under the document root.
f2094a0011047a7e71da6c767d74d1960b654e75fb3aa4d77b9cf52e5f7ccd7dWordPress Duplicator plugin versions 3.8.0.2 through 4.0.2 appear to leave backups in a world accessible directory under the document root.
9a115bff9bfb5c9e5db5e757259c9eb3b36b1f7f1e8efc39986d97a2dde53215Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
a4ece4420f8b96970d286b1d8fdd46ce7c0bbe2000da066ceb03829110b5bb0dDebian Linux Security Advisory 5428-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
438d24cfb222bcb67e2bb899b8d783634905739b4682fb5d053c932f28d87048WordPress Unyson plugin version 2.7.28 appears to leave backups in a world accessible directory under the document root.
ded4568e592a56e54d8658c4b65d33823bedb435257d32a3cc86b431e0051255libssh2 version 1.8.2 contains a remotely trigger-able out-of-bounds read, potentially leading to information disclosure.
47dbaa31a29d74354b7f8716952609a928ff2194c685ff7f70671eae2d710286libssh2 version 1.9.0 contains a remotely trigger-able out-of-bounds read, leading to denial of service or potentially to information disclosure.
e79ff6b1f659b8e1be88dd359afcecafb7933238e7e489068a3bd0a273b7d191Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
209fcc0d6308ca3c4f8ca823440e01e01d92ded52eed8063ef23b3de06f613d6Ubuntu Security Notice 6144-1 - It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code. Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause information disclosure or execute arbitrary code.
37dcbd392a52b90efbebd568b820d59b5bc9cea60ef156e11a7091896e446143Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.
ab3ecd35ea1bd5ea43f71e8cc7229f70824a190697fc616d9688716fd6a524a1WordPress Updraft plugin version 0.6.1 suffers from an information disclosure vulnerability.
5b25f4bd4b6c6c3aad3c43163b102ed5e626173201ff5e1cfd700e55203ee573WordPress WP File Manager plugin version 7.1.7 appears to leave backups in a world accessible directory under the document root.
c9005fcccee0a6133165a91ee9c215da9f0dd7075b27a4f3a42d3ac18c40a37eWordPress WPtouch Pro version 4 appears to leave backups in a world accessible directory under the document root.
65984e1a3efd66a52431d7ebf5925f03c78ba05afc631500a01fc5a24e0ea25eDebian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
84a636d11c6341fab403959a6a9d66ba7ff37699e8e47df760c6f1c8fe61267cWFTPD version 3.25 leaves credentials accessible in wftpd.ini.
84b7e59e7c79b2e7f54fe4511e8ee6e1626462eecb05c8c986d66ac424e88a4aA Cart version 1.0 suffers from a database disclosure vulnerability.
88ac4e5b373c0ea5029c7e27e9dc3d0f6253e9099a6ce21ab1a22e4f7cd6a276WordPress Backup Migration plugin version 1.2.8 suffers from a database disclosure vulnerability.
54bfb2eecc242ef9dd0f6982f9909de6c5939c256b9a2ca0aed8bb82c04f7e1fDebian Linux Security Advisory 5404-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
b9d8cf3624f6ed52243b417dd4886d4a46160ad20e96d0070a4579b580fe1a6eScreen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
e3416b7b51b13c8a02e0377d294d6b4b558ba2a448f681c4ee83ec0d4a9214dfTextpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer.
1ae8e0b552a4239f94e3a47bd60d1a40de5024ed400567419bb925ce5c2c66e0This Metasploit module exploits multiple vulnerabilities in the zhttpd binary (/bin/zhttpd) and zcmd binary (/bin/zcmd). It is present on more than 40 Zyxel routers and CPE devices. The remote code execution vulnerability can be exploited by chaining the local file disclosure vulnerability in the zhttpd binary that allows an unauthenticated attacker to read the entire configuration of the router via the vulnerable endpoint /Export_Log?/data/zcfg_config.json. With this information disclosure, the attacker can determine if the router is reachable via ssh and use the second vulnerability in the zcmd binary to derive the supervisor password exploiting a weak implementation of a password derivation algorithm using the device serial number. After exploitation, an attacker will be able to execute any command as user supervisor.
9a3aef1a073115f56b28eb2aec9260df77503937d00eeca46fde8494010d2467
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed