When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.
905691265705b4759d72dab396f504f56f641ea40f5dc5bc5702ab0b07cd1d7fHotelDruid version 2.3 suffers from a remote SQL injection vulnerability.
11b38724d265b9e6530ac7b0289d6b09e9addb9791d2ed8364071749a56b6949Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.
c09820f730d19c9f69517cd82a60317de70691ae955494b62f571de021053379WordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability.
9ae254553a2b2f473f0546a783c22f8dc823d28fef5baa1279d95f18d12cf2e3ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.
f7e20d2a8ac1a511c88ba6dcd93cdc57528b015ebc0771753754ca00b620d5ebHuawei B315s-22 suffers from an information disclosure vulnerability.
2d4aa1c2293c9c5b40be0b5521cc53c7fee1572a7627085c37014fd899606e47Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.
6d9b1d1741c77f9c05d013bc913c530aed0fc116578b9cea6fe2208f752cbb54TP-Link Archer C1200 suffers from a cross site scripting vulnerability.
83d143b569a1381efb2ee9cf7ad69b410982ab6e5989be1c3e0c98d39c56a91ePrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.
3627f9c9ad956d71a59e5b9932d55d2dde63c5f37a57adfbfb055f2ae1be4e00Tourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.
08d68393fdf17e968b9f64ec06ec07b7102169f6a3cf22d3839d3778f4113bfdAlumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.
6913eaef25862e005d06defd02909d8a38e4844c8db9f86e7a6ea3f946ec621a95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode.
680426a3f5a1bca289c7211b9fde035fd3ea3ff2cefde80c678d8fa8c9c28153Whitepaper called PHP Source Code Analysis. Written in Turkish.
eed125e2cc2676aec303d76c9979e0735faf36491551cb904ab2c7ddf56da611SmartFTP Client version 9.0.2623.0 suffers from a denial of service vulnerability.
dc56515c3028781328190b3d2cf17b3af2d7c3b9dcc78f05706d35bd8e7b9e11LanSpy version 2.0.1.159 suffers from a local buffer overflow vulnerability.
bb37180f175fcc54609b54bad13017d3419222c28f7481f5913778903c25cf7bPrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.
03bd58d699a1641571b06266f49cf4355cadc56b6f6b93031bbb8cfa2f7b8a44CUPS generates session cookies srandom(time(NULL)) and random() on Linux.
3b69505f07ce22a5883565aef22b4c6989365de343f9d6a0d32ff53d8c0cdb06Linux userfaultfd bypasses tmpfs file permissions.
1b8d3ce7875318cd21ad32bec57be7ed660168064accdd2e8a8b60fc13d6aadfThe Logitech "Options" craft websocket server has no authentication.
7c7de89f583ea659585f3e8dd4650ee29fa605c5b894ccd2a63a5c8f78b1c7daWebKit JIT int32/double arrays can have proxy objects in the prototype chains.
b72e0f1dda78c9271d153bfcea2251e8e8076edf33feb8f85efce34262d3b258Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.
5381a46fa222c6954f33d32c8b26fe2c3b1a4a79cb6b08419a803edb1c68022eThis Microsoft bulletin summary lists CVEs that have undergone a major revision increment.
3a9eb085438649d691cd34a1ff123cec54b8f2d5ab71bb7ffe8d4e7ca8526f31This Microsoft summary lists Microsoft security updates released for December 11, 2018.
3037b9036c07dd62bf3842538d5dd2a588a3e4bec93c116a08129eb9b7ca1535This Microsoft advisory notification includes advisories released or updated on December 11, 2018.
ba7bfa0c3a819af5c6743a5b46e01018e37602efba5e1d72cfd4334d6904635aThis paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.
778d2218c137533f1b5a870d4881b65e376de7c26bbe92fcc05d05af21c7c1e1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed