Dell Sonicwall Scrutinizer version 11.01 is vulnerable to an authenticated SQL injection that allows an attacker to write arbitrary files to the file system. This vulnerability can be used to write a PHP script to the file system to gain remote command execution. Metasploit module included. Dell contacted Packet Storm on 07/14/2014 to let us know that release 11.5.2 has been made available to address this issue.
e6844166557a62dfe434032eb24092085e6956f068dc06377704ee9ecd4283d7InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities.
294e286dd4ab6ecdb1b5049d5d2988629872d53ef390926a21c84a0185be41d0WordPress Compfight plugin version 1.4 suffers from a cross site scripting vulnerability.
beafaa2e67f7765896dc28554a9e6d292343e13ae7656ce221cc8240511f2703WeBid version 1.1.1 suffers from cross site scripting and LDAP injection vulnerabilities.
8d105c182ef624aebd5f05c368cb97564d70f4933625cfef2c42cd9f068f3d2eGnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
b7b5fdda78849955e0cdbc5a085f3a08f8b7fba126c622085debb62def5d6388C99 shells suffers from an authentication bypass vulnerability due to a simple backdoor.
554dae55ff26f69f50b253292782ae555b3c7c278d639da9e686c98d4a5ea194EUnet CMS suffers from a remote SQL injection vulnerability that allows for login bypass. Note that this finding houses site-specific data.
186aea02fc4baf240db6509ce6ab04fd1d7238a29e09b0e6d836923977c85196
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed