KBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.
0cb59314e98c852707ac5044f0b1f1a109831b145d21d607881263502e2cf412
Avaya one-X versions 9.x, 10.0.x, and 10.1.x suffer from arbitrary file disclosure and deletion vulnerabilities.
fc1fefea9634475bbbb4693999d6ebf22e28f289b373c3065c44d068c1f14a41
Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.
9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70
This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.
9e9a04cf21f31c1319caa6af694dd744146d5b671a3f719be244d3e2a6ee6426
Proof of concept code that demonstrates a path traversal vulnerability in ElasticSearch that allows for arbitrary file disclosure.
acc7fbc1802f44f38d620e53cd9d14a6ea2c9e4d060e96de4e1424e40872e719
The connection string for the ELK cloud-azure plugin contains a hardcoded HTTP URL, with no encryption or certificate validation, so it is prone to sniffing and MiTM attacks. An attacker with the required access to the network traffic would be able to intercept the contents of the index snapshots.
b9cb4d374481587d608107ba93bf30d52ff5610e4e98d41e70599fe1f0ceeca7
ElasticPwn is a proof of concept exploit that demonstrates the directory traversal vulnerability in versions prior to 1.5.2 and 1.4.5.
b8dc5f1df82809852d6a77c351c7f2eb981f60244033ee5ab50a39260d9b0d1a
Checkpoint Endpoint Security Media Encryption Explorer version 4.97.2 (Endpoint Security R73) contains two issues which can help to bypass the failed password attempts limit established in the password policy.
d45ede8228777b255c99202f1374063461f34fa72e724348fe261b37ed4a87e9
Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719
CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.
f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48
DS3 Authentication Server suffers from path disclosure and remote command execution vulnerabilities.
d07d1f72f40c9b53f97cf062264dfb6ed349d318e2eea59c7eed003aced0fc18
Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition suffers from path disclosure, command execution, and arbitrary file upload vulnerabilities.
eec04250ec48215aa48bf604cc560ffa6c8c039d2efdf01586190d7250bc757b
Editran editcp version 4.1 R7 suffers from a remote buffer overflow vulnerability.
f6cf7e0a1f25c0379e532cbc05ba69f842d14168870d4997d94a2bb755af715b
LifeType version 1.0.5 remote SQL injection exploit.
7cb3dc6c234b81ecb6a1977eec55a71c40c959d192c299baa5bde267e114d3b6
eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. Spanish version of this advisory.
4b482fbf333a075d4751aebdbee51b85b7250269c2ca66b3ebfd2e00f6a4cb76
eBusiness Designer versions 3.1.4 and below suffer from arbitrary file upload, code execution, and cross site scripting flaws. English version of this advisory.
5f43f8818b4f40213db564e4798a4d0c1b083d11b61f808f44f657e604a3aea0