Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.
Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.
ZXDSL 831CII suffers from a cross site request forgery vulnerability.
IP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities.
Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities.
This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations accessible later through the web service. Authentication is typically required; however, a 'hidden' user is available by default (and is non-editable). This user, named 'Scheduler', can only log in to the console after any modification in the user database (a user is added, the admin password is changed, etc.). If the 'Scheduler' user isn't available, valid credentials must be supplied. The default Admin password is Admin.
PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.
BookFresh suffers from a persistent cross site scripting vulnerability.
OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.
SeasonApps iTransfer version 1.1 suffers from a persistent script insertion vulnerability.
ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.
ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.
ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.
MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.
XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffer from arbitrary command execution, MySQL password disclosure, exposed database backups, unauthenticated remote access, and various other vulnerabilities.
JExperts Tecnologia / Channel software version 5.0.33_CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request.
JExperts Tecnologia / Channel software version 5.0.33_CCB suffers from a cross site scripting vulnerability.