Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Dell SonicWALL Network Security Appliance NSA 6600 suffers from a reflective cross site scripting vulnerability. Versions affected include NSA 6600 running SonicOS Enhanced 126.96.36.199-31n, WXA 4000 running 188.8.131.52-07, and SafeMode 184.108.40.206.
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple cross site scripting vulnerabilities.
Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple blind SQL Injection vulnerabilities.
WordPress Templatic plugin versions 2.3.6 and below suffer from a remote file upload vulnerability.
SwiftMailer versions prior to 5.4.5-DEV suffer from a remote code execution vulnerability.
Joomla aWeb Cart Watching System for Virtuemart component version 2.6.0 suffers from a remote SQL injection vulnerability.
Remote code execution exploit for PHPMailer versions prior to 5.2.18. Written in Python.
WordPress Simply Poll plugin version 1.4.1 suffers from a remote SQL injection vulnerability.
Zero day remote code execution exploit for PHPMailer versions prior to 5.2.20. This bypasses the CVE-2016-10033 patch.
Popcorn Time version 5.6 suffers from a DLL hijacking vulnerability.
WordPress Image Slider plugin versions 1.1.41 and 1.1.89 suffer from an arbitrary file deletion vulnerability.
PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.
PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.
Wampserver version 3.0.6 suffers from an insecure file permissions privilege escalation vulnerability.
Joomla! Blog Calendar versions prior to 1.2.5 suffer from a remote SQL injection vulnerability.
This Metasploit module exploits a missing check in the get_user and put_user API functions in the Linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commit_creds and ptmx_fops address, then uses the write primitive to execute shellcode as uid 0. The exploit was first discovered in the wild in the vroot rooting application.
FTPShell Server version 6.36 suffers from a .csv local denial of service vulnerability.
XAMPP Control Panel suffers from a denial of service vulnerability.