HideMyAss Pro VPN client version 3.3.0.3 for OS X suffers from a helper binary (com.privax.hmaprovpn.helper) local privilege escalation vulnerability.
37f5fa5c2d88399f63a027e0edcd1f34ea06dd428dfe8989bd994c0a70a3511e
HideMyAss Pro VPN client version 2.2.7.0 for OS X suffers from a helper binary (HMAHelper) local privilege escalation vulnerability.
afad6aec8c41a7fdc2956fc606d1e979cc75e625296147faf54c0cf49979be05
WordPress NewStatPress plugin version 1.2.4 suffers from a cross site scripting vulnerability.
7c108faa4ca8dddf9f064f7783bf3ebce50dfd2ce2aaceaacb9bc81f23b9d71c
osTicket version 1.9.12 suffers from multiple persistent cross site scripting vulnerabilities.
c97da578520b0fab8d0625cbd24015f598369f9b2be34ed0c37ea35a53f87da2
WordPress version 4.5.3 suffers from a cross site scripting vulnerability when an uploaded image filename has a malicious payload inserted.
6c769e43df4a37ca6174acc074f7d745829325d0add7f2fe561108492c4e03bf
WordPress WooCommerce plugin version 2.6.2 suffers from a cross site scripting vulnerability.
a5f0af318f11ee0e790f9fb5900db8a34e7b925b850843f7eeed1f9c5e73b2f8
WordPress Ninja Forms plugin version 2.9.51 suffers from cross site scripting vulnerabilities.
7736356de45c70b551bfad1e9d2f465f4af57ee30034f6cbddf58e14110df94c
WordPress Activity Log plugin version 2.3.1 suffers from a cross site scripting vulnerability.
44d3c110001dcf64ab0c4de151258da4979819c57f20768b01dda988930324b4
WordPress Live Chat Support plugin version 6.2.00 suffers from a persistent cross site scripting vulnerability.
203bd383c9f3fed80a99fa6ad0b0ad8f03bcf156222eb506d8f5e0754976fc74
Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
c2bfa3b4753d3bfb8fc02e1ef6ea305c761e7d81544de79d1fd8cda1c49d9791
Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
ac383a126c2810f16ff4b122239d9b71076731a6600a7af65e183e0544582edc
It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of, provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.
895ec0911f275467cdc882bab4fd519470eb66160a1c9ff1d02204173cd0bc37
A command injection vulnerability in Citrix NITRO SDK's xen_hotfix page was discovered. The attacker-supplied command is executed with elevated privileges (nsroot). This issue can be used to compromise the entire Citrix SDX appliance along with all underlying applications and data.
8363fa8786b4f33fcb611c65253aae741117e855eaa1f0692b41e980dc0efd9e
It was discovered that the help pages of Citrix VPX are vulnerable to cross site scripting.
d441a8929d46f3b81888279baadee2699e3507b40eda951a86945b935b33baac
A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9
An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739f
A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580
A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4
A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fc
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efc
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.
141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3
It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.
65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369
It was discovered that credentials of remote servers stored in EMC M&R (Watch4net) are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebc