Worktime version 10.20 Build 4967 suffers from a dll hijacking vulnerability.
75b669236d4cdf590b41f5e2e34e3a5f52dcab22e87d13aa5e16785b4c652372This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below.
0ce8774c4d2bc66ac41f71ecbff4807d4b19a6c901b562b9cc8fa6b0d492c6beChrome suffers from a memory corruption vulnerability in IPC::ChannelAssociatedGroupController due to interface ID reuse.
23b2104d82495d408d6c49e60967e71884e4e77854a1cebb576ccad92a937b92The EFSRPC service on Microsoft Windows Server versions 2019 and 2022 does not prevent a caller specifying a local device path allowing any authenticated user to upload arbitrary files to a server.
69dcaa165fe62179a42fd16409e133c7034c05be0577fdf672a5a01f4c88b8f8Apple ColorSync suffers from out-of-bounds read vulnerabilities due to integer overflows in curve table initialization.
55736f35713879a403e9db74f555530baf0f44d465185f687162ed25742170f4RLM version 14.2 suffers from a cross site scripting vulnerability.
57ad193d561637ec4a808f6a4b45a152a2b8d6aad877e9acf2e23d71081e4d74Online Diagnostic Lab Management System version 1.0 suffers from an account takeover vulnerability.
8fb255fe4f6dca7bdf67bd7c3822520feadb1c87b5a00b1c36aaadc6d2e79817Online Diagnostic Lab Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
2b9055b3579475960b1bfce7d826d4704f0a8f8285951e40f9b5ba7f6c36dae4Online Diagnostic Lab Management System version 1.0 suffers from a remote SQL injection vulnerability.
d534fae8d3ba7995cb8d2c0f931eb5e90e138b44966628271c1ceb32d3ba6f03WordPress Core version 5.8.2 suffers from a remote SQL injection vulnerability.
290da5cda0c4555d189721910ddbcdad3d2627d4297306b55fc39785acd1346aHospitals Patient Records Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
c10f42216b4861f27cb9b8db08ea8c315599fc649932a62e479d34474a825fffSalonERP version 3.0.1 suffers from a remote SQL injection vulnerability.
7b3c8173a6dadc3b11b7d4583b0a200be4d6c11f50ab3a406a7f4e81ee040eeaThis Metasploit module will exploit an HTTP end point with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic target delivers a Java payload using remote class loading. This requires Metasploit to run an HTTP server in addition to the LDAP server that the target can connect to. The targeted application must have the trusted code base option enabled for this technique to work. The non-Automatic targets deliver a payload via a serialized Java object. This does not require Metasploit to run an HTTP server and instead leverages the LDAP server to deliver the serialized object. The target application in this case must be compatible with the user-specified JAVA_GADGET_CHAIN option.
fb881ade3573c4c3970acc27f51ba1d3ac1aaff25446ea8e525ce3aca4d0ca4dCrestron HD-MD4X2-4K-E version 1.0.0.2159 suffers from a credential disclosure vulnerability. When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface.
2cdcf800ce58540afa4f5cf6fc99e149ababce5250885bbed00e0cc15d0c8f70WordPress Frontend Uploader plugin version 1.3.2 suffers from a persistent cross site scripting vulnerability.
31fdddd89c8c546e099a752449bf6d534e404e26ed3609d80d15dbb37db02350DMCA.com suffers from improper access control, persistent cross site scripting, and improper input validation vulnerabilities.
f9c2e08984f6bc9930ffb841c085d3f0b8e12d90c94c81c7a3fe48baafd08bd8Backdoor.Win32.Controlit.10 malware suffers from a code execution vulnerability.
07b9871a0695ac9e42db05fcbe7fd8354a48ddedd7ca4f6d6bf2baa67c698bbcMicrosoft Windows Defender suffers from a detection bypass vulnerability due to a sub-par mitigation priorly adopted.
b5337b4ff0ded5ddda0becffc0c9002fdf3288c10396de61b829b2dacbf22ab9Microsoft Windows suffers from a registration file dialog spoofing vulnerability and their last fix to this issue can be bypassed.
3d0c712557e8ea256ea96f38c4729251ae893ca640831654a5a638e72b4d841eLinux suffers from a garbage collection memory corruption vulnerability by resurrecting a file reference through RCU.
638d1db3f45bcd59a8ce424b7eb6551bbe0ff49ecd4eb9c767f096560f4687deOpen-AudIT Community versions 4.2.0 and below suffer from a cross site scripting vulnerability.
a10cd570edd5e66d5661fededcd4391a41661f6640e0b2921726ff74ac9ee9b3WordPress Contact Form Entries plugin versions prior to 1.2.4 suffer from an unauthenticated persistent cross site scripting vulnerability.
c6aa22feb391bfa611341a3207a48bd136366a08bc16032ddcc31ead2835bcf9HTTP Commander version 3.1.9 suffers from a persistent cross site scripting vulnerability.
fbd748c7080c9233fc86799095c771f71f2ba459d54321bcfae17425ad25bf4aOnline Examination System Project version 1.0 suffers from a remote SQL injection vulnerability.
8ddeb582f6b34d4e9699a8c2d4ee26488c0ac01fbade9d8e51122f2d924d71b2Online Resort Management System version 1.0 suffers from a remote SQL injection vulnerability.
c6700a48b2cca6e8a07c5724bbbe0f4a53b3033cdde82e1f50fdf125f909c4ac
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed