Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.
0f86dde8e1c44108d2214acb30772974903fb5e2efa4f23d272a62cd0ca53b09knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.
5f21249af2b570413ccedbc2d38d69f7569143fd0ffd8e6431e4db2f29a7fb53WordPress Events Calendar Premium plugin version 1.0 suffers from a database disclosure vulnerability.
383704f897617826c4fdc3af390d64e0b37907bf08dcf05be37a493b309db2f8WordPress WP Complete Backup plugin version 3.0.5 suffers from a database backup disclosure vulnerability.
92c09b8545a80266ce8ccfa5cf484366783c4ebfe56b74dc62f2ba6e956cb5ecWordPress Jazzy Forms plugin version 1.1.1 suffers from a database backup disclosure vulnerability.
9403666c8c643458d61b39b4df10497e4a2119781f40ecb04bbf328215296db3WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.
49057b9856f52e7c1326bb6a40eec2adce2781ea4cc9af44a1dd3056fcc88fb0WordPress wawp_framework plugin version 1.0 suffers from a database backup disclosure vulnerability.
8fbdbecfa3686c56da6732ca409952493ea81d7d040d9afd264b3e20d92f888bWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
93155b798544b2f07693920f4ac1b531c952965ee4eb1d98419961240177438aGentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.
c1d2c4c1f169d7444a8ec783ed15c7533f43aef45a89c4f6cbccef76230c09e9Gentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.
dbe5366b678db36b941163032978eb4793921ab8f835a04b9d9232bde15f35a3WordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.
cdf0038016909bdc9fbbb6b0131d33c91251f0f21c5d2c20ada0f2c1d6a2a0d1WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.
545976aab87512242d5f58cedab4af05cef9bd274b86805b2ce96fac81605ad9WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.
92b1425f6c23ab281b94eb21d5263e062608fbbdc2a35ca2c23fdcc9108ea18cWordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.
53d7a94a9e18f3b4caddffdf4610c695553544082472c38337520f6df805ee5eWordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.
219e65b364ab6c17799bc19d5963a1260774c9cf1f4e1d23c741dfdb9ef8ff14WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.
ec3365bc1a665d76c716098268b6ade37ed13bab4bfe312cbba37e0708d626fdJoomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability.
9acbedfbb61ff2ca14e2453561fdf51bad8d74534c4e7896822e5b073624529dJoomla DJ Image Slider component version 3.2.3 suffers from a database disclosure vulnerability.
73183e225d7b9669b460d103ab9a3882cac5bf20a75484bbdc8c64af23c4f484This whitepaper focuses on attacks related to CORS, or Cross-Origin Resource Sharing.
3a51921a22b49222f2339d96c3e7837e52892458d3faf88b15a8ebdbd8876cb4Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
1913b5395f0c68ac87d24dbcb440be3c830667b96bebeb7c0a20df74aa059240It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.
78074b1701e40ea4ef9e046d50ffaa646aa27cf4177d6b17c6371f5f32a674b7Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
166b04353de713beab9d08eea9a06f119e07b1b80978dd2605262a24dc29f7b6Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
31d5f9ccd80e2ae52f634417dc51d4efec799681af5b520ee3732b3908bb345dFreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.
10bcc1748ee3a9d625fa8d7384fa8357ec3df2199059cc67ec2a7fe57ef95a19Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
dd46625edf20ec566996b733efec4fa6ab1a394f429074cafd338ed82f2fc1bc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed