Adobe Experience suffers from a reflected cross site scripting vulnerability. The author contacted Adobe back in August but the issue is still not resolved so they are releasing details in hopes that Adobe will address the issue. Note that this finding houses site-specific data. Update on 01/21/2013: Adobe PSIRT has resolved the issue and the author has confirmed that this was indeed fixed.
b7ad16292219d69d31c0817f287d4e50149c4bdbd887e0e0e7282fad6aa95478The WordPress Ripe HD FLV player plugin suffers from path disclosure and remote SQL injection vulnerabilities.
a1231cc70d23013c5b6dcfa56742928cb5e5ed4c728f3a8a3d6241b630481810The Joomla Collector component suffers from a remote shell upload vulnerability.
1f428d79159db8e42cd96fdac387c73fc558a4ff2f664a62900a19d970b4bf9dClassified Ultra ScriptsGenie suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
330402dcde17b2be40735b218eeb93c609a2c4bcca73aacc321f5ac416d944adThis Metasploit module uses the Jenkins Groovy script console to execute OS commands using Java.
d399ceb32f8d20399dd647bec028b96de469f3d117d253352dc348ede3915dd0SonicWALL GMS/VIEWPOINT version 6.x and Analyzer version 7.x remote root/SYSTEM exploit.
c67e6d05a8d585f1484b8a0f270568483e1cd3458d88448b2156427211649cd6Novell NCP implementation in NetIQ eDirectory version 8.8.7.x before 8.8.7.2 pre-authentication remote root stack-based buffer overflow exploit that spawns a shell on port 5074.
32c040998e1527dec35f813c9b889b9b37755382c5ac1113f101e0a818d4b951Linksys WRT54GL version 1.1 suffers from remote OS command injection and cross site scripting vulnerabilities.
c747a4881fe6f7e8e70cf9b1b6b621bdf6fad806004ab724ba2805579af13185This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.
824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995SonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability.
a7cdf9ef5dde0b877ce946cd1289e5066843249e2b56404241fd4a4fba9a3e72This is a denial of service proof of concept exploit that causes a core dump in Atheme IRC Services versions 7.0.5 and below with external logout as expressed in logout.c which is enabled by default.
0deefe5d0febf1e336a91778df62d8aab69c5036818f979f35f7097df18e9150Invision Gallery version 2.0.5 suffers from a remote SQL injection vulnerability.
ed37d1d30bc5e32cffffe67f79b1076b898251abcbe19d9253a19c72021169a4This Metasploit module abuses a command injection vulnerability in the Nagios3 history.cgi script.
2d998e6af394b654b4e6c4d7e3889f719c9559d52bd93cdc30862fc829af9295Cydia Repo Manager suffers from a cross site request forgery vulnerability.
de476f95f33b7e4ed3fc54b3a18c444f99d6ac86819b705cc6c81acd3c57ab35PHP Charts version 1.0 suffers from a remote code execution vulnerability.
64dbb04aef88e5fb2954ee4818a1aac7de41ecf55f1212bd08d0eddd49109241The Oracle Application Framework supports diagnostic and developer mode features that are intended to be enabled from developer or administrative interfaces. However, any user can manually enable the modes by setting the "OADiagnostic" or "OADeveloperMode" cookies to "1". Versions affected include 11.5.10.2, 12.0.6, and 12.1.3.
593d275e9cad209f5d011018dd31b2516f2313f9799e0b9003a957d008d05c0bSnews CMS suffers from a remote SQL injection vulnerability.
5775ab0b553da86a1cc2826df674d737c2e06a94325bab1d79b587b314e563f1phpLiteAdmin versions 1.8.x and 1.9.x suffer from remote SQL injection and path disclosure vulnerabilities.
0040b2134dfa5935dcd304cb28a4d32278bb7672c063c3ca3bef062b3e1fa1a7This Metasploit module exploits a vulnerability found in FreeSSHd versions 1.2.6 and below to bypass authentication. You just need the username (which defaults to root). The exploit has been tested with both password and public key authentication.
0272e1bc1c0f2058ce2f21fa14e3a0637074e73625db7d48068910d45f94ec8dNagios version 3.x suffers from a remote command execution vulnerability in history.cgi.
e9958b0f049ad1bc4400634ee8177ed434f1a56da56c38cae3879f16f2a207c8ProActive CMS suffers from cross site request forgery, cross site scripting, and open redirect vulnerabilities.
568536e08fe1d3043e92533be68c6b3916ff57e51f21738f12f3c95a131c5879Calendar Scripts A.M.Y. Ad Management software version 1.4 suffers from a persistent cross site scripting vulnerability.
dbe429afd6de011f44886c21fe1edb326a4cba20b589175b2428e96134dedff6phlyLabs phlyMail Lite version 4.03.04 suffers from multiple stored cross site scripting vulnerabilities (post-auth) and path disclosure when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and displaying the full webapp installation path.
25a22286a3e4d3870db201532bda79c08d9029a4a99ca5c0e6401a0b64d439a1phlyLabs phlyMail Lite version 4.03.04 suffers from an open redirect vulnerability.
e2efd1237f90dd37c0ff5bd1942b229f2c99e62152e8cb32996850ddfbd117d8Ad Rotator AdPeeps version 8.6.9 suffers from a persistent cross site scripting vulnerability.
48c300e005d98feed67fa72d39434f6a96687806617cb2d96317389d6c70eb0c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed