Thatware version 0.4.6 suffers from a remote SQL injection vulnerability.
b0e3574efe847d4e2f332f5438f958dbc0e42c3ad315c23ea82f30298ead5324This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will need a POST endpoint for the TempFile upload, this can literally be any endpoint. This Metasploit module does not use the log inclusion method of exploitation due to it not being universal enough. Instead, a new code injection technique was found and used whereby an attacker can upload temporary image files against any POST endpoint and use them for the inclusion attack. Finally, you only get one shot at this if you are testing with the builtin rails server, use caution.
2fbf26de370b698bb74efc1d6c0140ccae69af739b14f4d4a7e3f03d0f400ca5Ubuntu Security Notice 3103-1 - It was discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Hanno Boeck discovered that DBD::mysql incorrectly handled certain memory operations. A remote attacker could use this issue to cause DBD::mysql to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
da5e68e57b7fabe8ed110134570d5b604edd24d7d2aea42f4cda4995b2d7cf88Ubuntu Security Notice 3102-1 - It was discovered that Quagga incorrectly handled dumping data. A remote attacker could possibly use a large BGP packet to cause Quagga to crash, resulting in a denial of service. It was discovered that the Quagga package incorrectly set permissions on the configuration directory. A local user could use this issue to possibly obtain sensitive information.
791bc0d8fd5a75d438e274cb9cd9cbde77f7f714f6d26ae6110b82c92af7c080WordPress Newsletter plugin version 4.6.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
9cb12cdbcaf17c9df0d53118baf5921f395e74d64b4f4850784c04d99754e56dSimple Blog PHP version 2.0 suffers from a remote SQL injection vulnerability.
21f6a6aadaa0bf85ea8a973078fa5124f005f4d29b8c7202c26b3a8ef746f0d7Simple Blog PHP version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
dbf0d102e9f3e34c16c2fd12e85ad25a57d67bd13cb65d598b28cd2cc1650b4fInsOnSrv Asus InstantOn version 2.3.1.1 suffers from an unquoted service path privilege escalation vulnerability.
e59ff17712ec1640abfc4946a392fbd3a55062654f935ab2b9aeebe202e643f4ASLDRService ATK Hotkey version 1.0.69.0 suffers from an unquoted service path privilege escalation vulnerability.
f0169ae282a3777b8217770b45aa25a852cf2282021f467c94f3cba60ac24249Colorful Blog suffers from a cross site request forgery vulnerability.
43fdeb5945dd3e2484942f144c3cb8525379481e3213c23b70c389c0f92b58d1ATKGFNEXSrv ATKGFNEX version 1.0.11.1 suffers from an unquoted service path privilege escalation vulnerability.
ac750d062ae11ff566fbcf5f5b8c2b7366b11612c94aca1e19b888265ff1d8f1Colorful Blog suffers from a persistent cross site scripting vulnerability.
4089f29aef88d38dcf421597427d4775437dca96743c0b464ff9d00a016e93d4Hotspot Shield version 6.0.3 suffers from an unquoted service path privilege escalation vulnerability.
711e67e425ec3861788f113f36618c50d4ca9bed727595d279f41e1f555726a1VOX Music Player version 2.8.8 denial of service exploit that leverages a malicious .pls file.
ee0d523d5fcdff0a4288a8fbd459143d65dfdd19b916cc65827f364273e2c463IObit Malware Fighter version 4.3.1 suffers from an unquoted service path privilege escalation vulnerability.
5ed9a4756f6448d31e1fd73ddfb706aac5ac52971a8ff8c4709cd5031fe46170Cisco Webex Player version T29.10 suffers from a .wrf use-after-free memory corruption vulnerability.
e0ff7bc989af814b4c67fc1a215c0c9c5b753220fb884757fa81ba1faab1c1c4Cisco Webex Player version T29.10 suffers from a .arf out-of-bounds memory corruption vulnerability.
a011619db8c6fd4ad93cbef076bea08ee8225e2099c8f79385d859e2926070b0Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability.
48d11ae6c6eb0352e1e86df10e86921c48bc13c065d2995bdebf8dce47e3ac0fNetBilleterie version 2.8 suffers from remote SQL injection and information disclosure vulnerabilities.
67eb1173e9a47959be8afd57a92575f29b7bf96962b2ffe0ca8cac0b6a650b6aBetterCAP is a powerful, flexible, and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
d847391d5e920645692ad869afa0bbff270b11e26e73e839557fb9693c3513a6ApPHP MicroBlog version 1.0.2 suffers from a persistent cross site scripting vulnerability.
54f9a6408d7424239c925526926536e2bfbb7e2c80a0aa8a513e71814f9a3a60phpEnter version 4.2.7 suffers from a cross site request forgery vulnerability.
49bb885ad666d6da962ec53c3f444aa37daa752444043ddd36b6825d30d1d904ApPHP MicroBlog version 1.0.2 suffers from a cross site request forgery vulnerability.
faf4a4d612af6d00bbccdd90bb42758a9277cf14a23bd894d5b0a724197d1e22ApPHP MicroCMS version 3.9.5 suffers from a persistent cross site scripting vulnerability.
d1a235d5a1dc75162006146885d6250531498ba9dab147982ea073d8fbe25694BirdBlog version 1.4.0 suffers from a cross site request forgery vulnerability.
992746b4cfb02ebc0196c376ff384f61170a822fc140f6ce4edf5a6fc4ac0025
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed