Sellacious eCommerce Shop suffers from a persistent cross site scripting vulnerability.
196ab4b61f5e94a2f03aa875f07eba9b1953c199d6022d1281f851d7e3335a34Tryton version 5.4 suffers from a persistent cross site scripting vulnerability.
4c96fa3580b6561a60b15f2a32d8b9788f1fa4ce3f568b13baef2a4e31f1a2c9Remote Desktop Audit version 2.3.0.157 suffers from a buffer overflow vulnerability.
a873dd3a0f2c89613633590531ec9153a6c1897d765684d348e6738c5e833244Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.
dcae513897070a9218f0bedaca27c407e24184902dfdcf5421907f51081acf14This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.
8a5e7d31040e1c21ab99f881d936f3d17aadab8f8786980255feab1b1b628534Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.
5e0cb4cf3dda82ee681cc340b6ee9c3fd167c5e730a49ac40effd6914c779db6Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.
10f9d909a875c4ab314d16a0b9077d0dc02afff41825b02a198cf4fd6e780afdLanSend version 3.2 suffers from a buffer overflow vulnerability.
aea9ad2b46bc92ead403dc4a49108f5c7b285ef6a058e44d905615a2e913ba0fqdPM version 9.1 suffers from an arbitrary file upload vulnerability.
29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.
1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56amacOS 320.whatis Script suffers from a privilege escalation vulnerability.
e578f65b68fcf2548e910793e37c196e060d6250ff94cec53221209d10a3ca20TylerTech Eagle version 2018.3.11 suffers from a remote code execution vulnerability.
966770ccb06e6f9e5ff875bbd6fc8578e03727384a0fee39d60912d09e63779bWordPress ChopSlider3 plugin version 3.4 suffers from a remote SQL injection vulnerability.
cfc7ba3799b36c678dc3edc35d0a5f83e09a6b543c87ba67384476ee4398aafaOrchard Core version RC1 suffers from a persistent cross site scripting vulnerability.
72a8a68f1801a2b8f14ac871496aa71b35ce4dcde4dcdf45516856143cc7c333Chrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.
97541b515f1146557567913a8db64be5813d2b15b948ea1105c9e3337c28233aLibreNMS version 1.46 suffers from a remote SQL injection vulnerability.
1925a6d2f57f543b740400ab21ad9ed57e19ccefe92a7f9e83906f831716b8b6Complaint Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
35d2440e75b29d83a0dc93efd0b52bb8c57d111f48e476305cfc5e54be780362CuteNews version 2.1.2 suffers from an arbitrary file deletion vulnerability.
37c5678fdbbbfaf9881b385d209475aaecc9505027b0b083c1f4c986bfdb3f5cVictor CMS version 1.0 suffers from a remote SQL injection vulnerability.
e097b919f522cb4207e78c3be4ec2486e33cb823cd9a4dc313b72d15f034f71dOnline AgroCulture Farm Management System version 1.0 suffers from a remote SQL injection vulnerability that leverages the uname parameter.
0b7382ff7d0d2dda843490019b9f07be87c98f317b10819dc149aaff71db39f2Pi-hole versions 4.4 and below remote code execution and privilege escalation exploit.
24dbec0272280c917c4f6f1294f5d251879231087642729ccdd7a1b727a27cffPi-hole versions 4.4 and below suffer from a remote code execution vulnerability.
c400406dcb79630cf4da18e7a41e5e507d3715a4c57d6150947c2924a9d53b97Kartris version 1.6 suffers from an arbitrary file upload vulnerability.
1893df3860645717ed77b36829cd27018d61135d550260a8e7b0722461344c66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed