Adobe Flash suffers from an image inflation information disclosure vulnerability.
f493149efdecbbb22f1232ce036cb91ea06d22c82a1a6023823696fbeaf4aa79
Adobe Flash suffers from a sound playing overflow.
121d28c815ac4c390f122974863648dbf5ab9bc6364b3683c8771981c77849e7
Adobe Flash suffers from a slab rendering overflow.
af3c64e998a4ba846e3dd28e780e824c4906f8f0531d6a873cc5c30f0abc8224
This Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This Metasploit module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).
a706b1ff8cc422f8ab6dcfbc87aff49d205b6c1b24a7e6349abee90bb93b40fe
This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This Metasploit module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.
0fd9b3969b4bf0e960fb66268aea32b78e442d90a8d93e78895e7611291a8f43
Drupal Avatar Uploader module version 7.x-1.0-beta8 suffers from an arbitrary file download vulnerability.
4cf85788db1bd1ddd89e069c2f58b01ca89ff2e43c554bce7aa6ad89915e6981
Chrome V8 JIT suffers from a NodeProperties::InferReceiverMaps type confusion vulnerability.
8f66586231cd91aa2a08984a14f3311417775c1a4895253e34a83ed442b29952
DrayTek Vigor ACS server, a remote enterprise management system for DrayTek routers, uses a vulnerable version of the Adobe / Apache Flex Java library that has a deserialisation vulnerability. This can be exploited by an unauthenticated attacker to achieve remote code execution as root / SYSTEM on all versions until 2.2.2. Exploit code included.
60c785cb65ea73995e98356a426bb3d66989648127e57b852b5e6e7136b2cfa1
Microsoft Internet Explorer version 11.371.16299.0 suffers from a denial of service vulnerability.
aa89751f41c7ac981bc2efac8958af3bcef9d8eab8371f01149940d332da7df8
Cobub Razor version 0.8.0 suffers from a path disclosure vulnerability.
b6f93be6803ee1026af40c31c1c44445f8b8868e618dcd86f542161b832b5d8a
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from persistent cross site scripting vulnerabilities.
e781553767030bf98f0d576bce042a246fa79981a84c0cfb754a87a6669dfce7
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from a path traversal vulnerability.
5ef896e7b37cb5ccba017088977b813090cb4b99b1764b4ea351316ab3dd7a44
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 allows for moving of arbitrary files.
c10b30b886d514c80a6e95c583657ad577f538056af82102f47d7c966c1721fd
The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
6472ee6172948afddeda0672cf9b60975d9a244ee152920a06d2b4c956e58bbf
Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability.
7cec0fd3e8efd19ae243d045d84667f65746f0c3315377e8314d97b5817a1fc7
Digital Guardian Management Console version 7.1.2.0015 suffers from a server-side request forgery vulnerability.
f1b0b22b704b5604dddfeb0b710a6726a23262722923f328e058f820cb584add
Lutron Quantum versions 2.0 through 3.2.243 suffer from an information disclosure vulnerability.
6328339a48c0fa2a65575ff54b997e175b5acc99ddbc3b76945e34e07a2fad96
WordPress Caldera Forms plugin version 1.5.9.1 suffers from a cross site scripting vulnerability.
5ba544e8afc1bd3b2ce994ab5600e72cb1ca79a17152a722178a125e25528c4e
Facebook Graph groups crosswalk user's metadata mapping weakness demo proof of concept script.
2fec004a3acc305a371175f91db5554d47f38b1459d46aea1e5a5eeda02760fb
Joomla JS Jobs component version 1.2.0 suffers from a cross site request forgery vulnerability.
7567b0061def93cea876d101656abf7f8c7e7f1e0377907414e206e95519fad6
Geist WatchDog Console version 3.2.2 suffers from cross site scripting, XML external entity injection, and insecure file permission vulnerabilities.
d918f241ee6c7025f29ccf1f1cb519560eb23c715777ff59995bc0cdf7a81280
Match Clone Script version 1.0.4 suffers from a cross site scripting vulnerability.
ee625dc32adf3c3bb852803ae72fbd6b749b28248918ed8571f7e82f5b74fa62
Rvsitebuilder CMS suffers from a backup disclosure vulnerability.
1f4b8a57f8aa3f2ecc98c3d36be64d9983bb406692afcf47966f1293af78a675
MySQL Squid Access Report version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
cbe30d6907b93bb949d78cd6be272974741d9bc7e24f6af3e6d7f45b78e0342e
VX Search version 10.6.18 suffers from a local buffer overflow vulnerability.
9997109339be1946db235369c69d98ee1f0a47876fd91cf3f0b42206417b38d3