TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with the privileges of the user running a web application.
87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043
BMC Network Automation allows authenticated users to hijack established remote sessions of other users. Version v8.7.00.000 b383 u038 was confirmed to be vulnerable.
3d15c4f8be6b2d9910c5af59812a7ff1dc6e9e70f54d19034887282552279829
BMC Remedy and ITAM versions 7.1.00 and 9.1.02.003 suffer from multiple information disclosure vulnerabilities.
f91d23df9bc0097fffb3bf5213fe0b8005c3a4f47d501ca62b6106eeb36a9b3a
Couchbase Server allows authenticated users to send arbitrary Erlang code to diag/eval.
bee84c02eb590cd8afe480b2cb7df7bef5b42effc8121d3c4052343f9ea1a3df
Bomgar Remote Support Portal (RSP) suffers from a path traversal vulnerability.
198c0a663e903151778dba0bb70bdc8962d81bbecba75ce4118877f409e1811d
The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.
d9207b29252240c7674a132fbfa13cc88942175716e3707ba61e89b39606af89
The Kaseya Virtual System Administrator (VSA) agent "AgentMon.exe" suffers from a local privilege escalation vulnerability.
ae389b3de0f2ff85eb73501729ef4cc6e3a1d36853d5c2a3572be96e3b97a4e0
openssl_seal() is prone to use of uninitialized memory that can be turned into code execution. This document describes technical details of the journey to hijack apache2 requests. It is a very well written and thoroughly documented piece of research.
7328b4676384b96b2489eec8e7c79cb066123cadf924ac7ffb3cdc3f203e52c4
Varnish Cache version 4.0.3 suffers from a buffer overflow vulnerability.
2b10a0518f442a736ea3e86364fcb47251a1b0e1853674a11d5a6b920b9b9cd1
The Sourcefire Defense Center(R) versions prior to 4.10.2.3 were found to be vulnerable to arbitrary file download, deletion of files in a specific directory, persistent cross site scripting, and database access using default credentials in some circumstances.
a9d7e313e24a1fb445e3a80c7afeab9310471eba9fc7f977406b4e4c4934ed50
RSA enVision 4.x suffers from remote SQL injection, cross site scripting, authentication attempt restriction, and hardcoded credential vulnerabilities.
766d4e2a21af4ed52778ae2efdfcd577ce82c1423642cde3c2a93b082e130048
Splunk suffers from cross site scripting and denial of service vulnerabilities.
ddfc14ed113370c19fa721dd478402ae1860dca25d896e9d9263eea9a41993ee
PHP socket connect() stack buffer overflow proof of concept code.
6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9
NitroSecurity ESM version 8.4.0a suffers from a remote code execution vulnerability.
5a5dff0296b475d5d8af442fad48c87fe0e18e612bc44dab86e13d7fc361a66c
Virtualmin versions prior to 3.703 suffer from symlink, cross site scripting, anonymous proxy, and various other vulnerabilities.
e2ec5ef0262064584f5fe32a3a03e415f58f630f9cbec3e0bab5ae8bedad7dde
The Axesstel MV 410R protects against malicious input by leveraging JavaScript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities.
1a88d38ba784963b4eb593ef3e74f8894da4cf2c1c216b8940603ecd94a82417
ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross site scripting vulnerabilities.
55a64e531a978647b9439767a88f9de3c18cf64e5e2d817d8d467293e12ac55d
Multiple cross site scripting and SQL injection vulnerabilities were found in Inetmedia's web services cityinfo.pl and cityaz.de, which may be exploited by attackers to gain confidential information and/or modify the database.
75f8727ef771eee315605520f22f5035089f32572f68229450267bfd4ae19a0d