This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).
0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
The CoinPayments API in Bitcoin Cash Receive Payments version 1.0 suffers from a cross site scripting vulnerability.
5520c90d106da07152f64b4382bc6011a873590dcdad5ceb64bdd481d5d4236e
WBiz Desk version 1.0 suffers from a cross site scripting vulnerability.
92320e858c586ecfa543bdc178dc71e91e7d058a9ad98001115f0ac1255ce93e
Joomla Varista Education template version 2.9 suffers from a remote SQL injection vulnerability.
6675591b3afcdef31e1587359d40658b37453853137a99f01a11a7aa4c3136b3
Joomla Jtag Minicart component version 4.1.0 suffers from a remote SQL injection vulnerability.
97b4e2c2eeb5824794805e41b513d4bd21530c913203d04be35830456956a8ea
Joomla JomHoliday component version 4.0 suffers from a remote SQL injection vulnerability.
767a60fedf22258463462c31dbb04988eca5917d724629443f09f290f00b4a17
Joomla JomEvents component version 3.7 suffers from a remote SQL injection vulnerability.
8ec01102ca4bf7a41a18826f9bf4806b3bccd4180059754b75020b6b4d11199a
Joomla JomEstate PRO component version 3.7 suffers from a remote SQL injection vulnerability.
bfcf42072b9cf91da89830017ac194a66f4f7e2e705f86e3ecbd335e99a52824
Joomla Jtag Members Directory component version 5.3.7 suffers from a remote SQL injection vulnerability.
d901d64738af4283912ae456b22303d55bea7e831289877bee031fc9b586d745
Joomla SP Movie Database component version 1.4 suffers from a remote SQL injection vulnerability.
8579c18b406fe62a9ac7a7283024d897b7774d96f54913999501538d96849cfa
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
cb18e95e83c414ab36b125c9aa97c9a79b10a7cba2e94e622242611af5042ffb
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
a6465c6ebdc9d2ee488e2f8e4ef6e93e8ae72c06bb4873aee84e3b20039b9f2d
Joomla! JEXTN FAQ Pro component version 4.0.0 suffers from a remote SQL injection vulnerability.
b03cc3319d419173541167131fc23d93ea0ec2598c61146e15e27155593d1973
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.
80ffaf7cb462642699e6294696050604e8ce8895cc84c13a29c4668c10b20da4
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
19c3372a730e1d8d0af6219db6b006294c0a1e69708189476bc93f45950021eb
pfSense, a free BSD based open source firewall distribution, versions 2.2.6 and below contain a remote command execution vulnerability post authentication in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.
356649d9c2f36292416d035a36aa1b87ba078c2559b4b41b29fff647aca29fbd
Xerox DC260 EFI Fiery Controller Webtools version 2.0 suffers from an arbitrary file disclosure vulnerability.
232f0949b47771d8a400247b6898412dc0cdee0443eb991fe9aca3e5e6feaf6e
NetTransport Download Manager version 2.96L suffers from a buffer overflow vulnerability.
28848aef819ba5185a0dd108f0a97ed3dfa29c5c39a3c8702b523fe708f4b285
NetWin SurgeFTP version 23f2 suffers from multiple persistent cross site scripting vulnerabilities.
cb86e442ff84f5e815cc2692af37acce6e30fbd8973d937b161b7cbe34ca12bb
Easy!Appointments version 1.2.1 suffers from multiple cross site scripting vulnerabilities.
ce28d66cade69cacbae2d0aa77efad6ce35b84246bb3a51d6cf1db25de6af0a3
This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.95. The vulnerability is caused by a boundary error within the handling of HTTP requests.
0aeb690c29587f9a0c63a6668b87a74d40a7e016b5c7c1bd296f108aa1a7986d
HP Insight Control for VMware vCenter Server version 7.3 allows a low privileged attacker to read sensitive information files, decrypt all configuration server passwords, and gain access to the systems which in turn leads to the compromise of the whole infrastructure.
171a6632cc48d498cc993433e0e5d051881555de1c0cff708aef0055cc0d4f1c
GoodTravel Travel and Locations PHP script and mobile application version 1.0 suffers from a cross site scripting vulnerability.
2dcd01f32ff2105c17880d9ad49ee4861236c484ebe4474ef48cde826c7d7440
Tripbuddy Travel, Locations, and Events version 1.0 suffers from a cross site scripting vulnerability.
8283b8e4e07e4e98f5710efc7b3cc551e82f7df72361b652a27798bc223c53b2