Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ClassAd version 3.0 suffers from a remote SQL injection vulnerability.
espn.go.com suffers from cross site scripting and open redirection vulnerabilities.
Concrete5 CMS versions 5.7.2 and 22.214.171.124 suffer from multiple reflective cross site scripting vulnerabilities.
PingFederate 6.10.1 SP Endpoints suffers from an insecure open redirection vulnerability.
There's a simple hardware hack to fool the sensor so that you can use any K-Cup on a Keurig 2.0 machine. It is pretty obvious, but having seen this written up, it had to be posted.
IceHrm versions 7.1 and below suffer from cross site request forgery, cross site scripting, local file inclusion, and code execution via remote shell upload vulnerabilities.
Flat Calendar version 1.1 suffers from an unauthenticated HTML injection vulnerability that allows for cross site scripting attacks.
Adobe's get3.adobe.com site suffered from a reflective cross site scripting vulnerability.
PBBoard CMS suffers from a persistent cross site scripting vulnerability.
WordPress Ajax Store Locator plugin version 1.2 suffers from an arbitrary file download vulnerability.
CMS Made Simple can have its install functionality leveraged to insert a malicious SQL statement that allows for command execution pass-through.
Douran Portal suffers from a cross site scripting vulnerability in Slider.ashx. Note that this finding houses site-specific data.
Coinbase suffers from a user enumeration vulnerability that can also allow for email disclosure. Proof of concept code included.
The NASA Orion (Mars) website suffers from filter bypass and persistent cross site scripting vulnerabilities.
OpenEMR versions 4.1.2(7) and below suffer from multiple remote SQL injection vulnerabilities.
Proof of concept code that demonstrates an ASLR bypass of PIE-compiled 64-bit Linux binaries.
PBBoard CMS version 3.0.1 (updated on 13/09/2014) and below suffer from multiple remote SQL injection vulnerabilities.
Advertise With Pleasure! (AWP) versions 6.6 and below suffer from a remote SQL injection vulnerability.
Cart66 Lite WordPress Ecommerce version 126.96.36.199 suffers from a remote blind SQL injection vulnerability.
Google Document Embedder version 2.5.16 suffers from a mysql_real_escape_string bypass SQL injection vulnerability.