Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
USB Pratirodh suffers from an XML external entity injection vulnerability.
Skype version 22.214.171.124 suffers from a DLL hijacking vulnerability.
Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.
Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Freelancer Script version 4.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
FTPShell Client version 6.53 buffer overflow exploit written in Python.
ASUS PCE-AC56 WLAN card utilities (PCAUSA Rawether Windows 10 x64) local privilege escalation exploit.
Joomla Vik Appointments component version 1.5 suffers from a remote SQL injection vulnerability.
Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.
Joomla Vik Rent Car component version 1.11 suffers from a remote SQL injection vulnerability.
This Metasploit module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10. Remote code execution can be performed via the HTTP Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.
Adobe Flash suffers from a heap overflow vulnerability in AVC header slicing.
Adobe Flash suffers from a heap overflow vulnerability in ATF Planar Decompression.
Adobe Flash suffers from a heap overflow vulnerability in ATF thumbnailing.
Adobe Flash suffers from a use-after-free in MovieClip attach init object.
Adobe Flash suffers from an out-of-bounds read in metadata parsing.
b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability.
It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length and Host headers. Among other things, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).