Debian Linux Security Advisory 4370-1 - Two vulnerabilities were found in Drupal, a fully-featured content management framework, which could result in arbitrary code execution.
19597cd3a236f79ee9c72f3cd8088420c03ad571c26e58a8d090969020a661bc
Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web-based application does not use the usual session concept, with a session cookie, for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
9539232da19e15d0629fcca3bd000fa2358a6f53a457c9651cc76e622d7bb99d
Joomla! version 3.9.1 suffers from a persistent cross-site scripting vulnerability in the global configuration textfilter settings.
c5cc0f1c52753e525de144ab5284af0651605dbd15d031c02c60662412d3587f
phpTransformer version 2016.9 suffers from a directory traversal vulnerability.
a20f11dd15b8e72aeae8a645d379b75411ac5e21fc1fd932d7f0be1028d00e99
phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.
dc499c2b5fa802ab921ab2384b5fc06f44bf8808c09a04d96cba0439f19015ed
SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.
7788aad61eed6f8160a3fa89a6d8faf0a0ac7e757cf984cff2d61226a9f37a86
DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
d1f15fdff9c3ce905cddafdc3c7a9f8010b8c470014491176215fee55f096cd8
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized in order to discover the directory to upload to. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability that belongs to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
220bdda523afcc7f1ded8735ea03ed18dad447ecbc6744a6c32035e4ce3c5dfe
SCP clients have an issue where additional files can be copied over without your knowledge.
2e1bec721a2818585cbf5ac96d1462844829f979b0d82bb420fdda7eae192719
FastTube version 1.0.1.0 suffers from a denial of service vulnerability.
3fa51894c98a553d03409c682e8e62ee4f69ac628a867c98ecbafb112a1c7418
Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.
cf5d829a0663533fd39103b6ecb01e12a53a5de1c58d3da1556fed8e97a778c5
One Search version 1.1.0.0 suffers from a denial of service vulnerability.
2a2c53a18924598c8ec0942691c15f53b767fd00df425cf09510f630e7a0a536
VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.
a6306686ae4aebfcdcc5699e11df8d294d935fe5e81069369df294e196a604f7
7 Tik version 1.0.1.0 suffers from a denial of service vulnerability.
1f43961e76f1a1555f0eb8be0e1a228f7b962c12d3de3c634932127853d79bd0
Watchr version 1.1.0.0 suffers from a denial of service vulnerability.
4e633773ca30d6e7a47eb02817397a5e37eb7466333fe674d0f767cdf5cc4227