Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
FoeCMS suffers from cross site scripting, open redirect, and remote SQL injection vulnerabilities.
WordPress NextGEN Gallery plugin version 2.0.63 suffers from a remote shell upload vulnerability.
Raritan PX suffers from IPMI zero cipher and password hash dumping vulnerabilities.
Kanboard version 1.0.5 suffers from a cross site request forgery vulnerability.
Ntop-NG version 1.1 suffers from a reflective cross site scripting vulnerability.
OpenDocMan version 184.108.40.206 suffers from a stored cross site scripting vulnerability.
Zurmo CRM suffers from a stored cross site scripting vulnerability.
CMS ContWEB suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
EMC Documentum eRoom versions 7.4.3, 7.4.4, and 7.4.4 SP1 suffer from a stored cross site scripting vulnerability.
Kerio Control versions 8.3.1 and below suffer from a boolean-based blind remote SQL injection vulnerability.
Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 4.1.x bypass exploit.
This archive contains all of the 127 exploits added to Packet Storm in June, 2014.
IBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.
Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
WordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.
IBM Sametime Meeting Server allows anonymous users to send arbitrary files by changing the Content-type of the post. The file upload restrictions are enforced only on the client side. Version 8.5.1 is affected.
Horde Framework unserialize PHP code execution exploit ported from Metasploit.
Nagios Plugins version 2.0.2 suffers from a race condition in check_dhcp.
Flussonic Media Server version 4.3.3 suffers from arbitrary file read and directory listing disclosure vulnerabilities.