Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
There is a heap overflow in ATF image packing. The file included in this archive demonstrates the vulnerability.
This JXR file causes a heap overflow when loaded in Adobe Flash.
360 Total Security 2016 suffers from a DLL hijacking vulnerability.
This ATF file causes a heap overflow in ATF processing in Adobe Flash.
Joomla Topics component version 1.5.12 suffers from a remote SQL injection vulnerability.
WordPress Lazy Content Slider plugin version 3.4 suffers from a cross site request forgery vulnerability.
Hide.Me VPN Client version 1.2.4 suffers from a privilege escalation vulnerability.
IPS Community Suite versions 188.8.131.52 and below suffer from a remote PHP code injection vulnerability.
Simpla Admin version 1.02 suffers from remote shell upload and remote SQL injection vulnerabilities.
OPAC KpwinSQL suffers from cross site scripting and local file inclusion vulnerabilities.
GE Proficy HMI/SCADA CIMPLICITY version 8.2 local privilege escalation exploit.
InstantHMI version 6.1 suffers from a privilege escalation vulnerability.
GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.
AWBS version 2.9.6 suffers from remote SQL injection and cross site scripting vulnerabilities.
RS232-NET Converter (JTC-200) suffers from cross site request forgery and weak credential management vulnerabilities along with unauthenticated access over telnet.
CIMA DocuClass ECM suffers from cross site request forgery, cross site scripting, direct object reference, and remote SQL injection vulnerabilities.
OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar to findings discovered by hyp3rlinx but leverage different pages.
Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.
Micron CMS version 5.3 suffers from a remote SQL injection vulnerability.
Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.