By combining all vulnerabilities documented in this advisory, an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.
1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6
EMC Unisphere for VMAX version 8.0.3.4 contains a fix for a remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 8.0.0, 8.0.1, and 8.0.2 are affected.
dd26bb1f3f1a79a0085a4c0fc0d186a5ec9968c910963ab1d6a7e4b98b20715e
Koha ILS suffers from cross-site request forgery, cross-site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.
db2ddcd34b4c592559253b1b3c6f3e7e83b307e30c13455c3c11e7c181ea9384
NETGEAR ProSafe suffers from cross-site scripting, header injection, and remote SQL injection vulnerabilities.
d2cffb6c14ae7d6d75847a649433d54664550130dd5ffabcc160493696e70230
Cisco Security Advisory - Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) suffer from a default authorized SSH key vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities.
e38fb0ce7d80564472a520ad94e940659c93ba113976a0dacea062720bcd0b67
Download Zip Attachments version 1.0 suffers from an arbitrary file download vulnerability.
5c51fdb6e266ef3a8a35172957a3166fd6452e291e1e736475722362e05b938f
WordPress WP-Instance-Rename plugin version 1.0 suffers from an arbitrary file download vulnerability.
9a24d9b6daa62347b0cb943035d61843dba740d737dd765fd6a8ca7bdea56236
ArcSight suffers from a log poisoning vulnerability.
fc2f4788f873862fc266d71b5a6c6655034f7c3ae00f59103be393d90706c07b
Htcap is a web application analysis tool for detecting communications between JavaScript and the server. It crawls the target application and maps AJAX calls, dynamically inserted scripts, WebSocket calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in Python and uses PhantomJS to load pages, injecting a probe that analyzes JavaScript behaviour. Once injected, the probe overrides native JavaScript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling HTML inputs.
981291a5ddf50d934fe6635ef8364804c1736f0f3495311f538a582c06e131fd
Nucleus CMS version 3.65 suffers from a persistent cross-site scripting vulnerability.
546f34805d04034f047e4144ea4b40a6097badf77ac07bce75855a9b73741bd7
Havij OLE automation array remote code execution exploit.
0b4819a45bd6e1a62245eba921eb17566ff9e73ce344ddff448a2b0e24071756
Linux/x86 forced rmdir shellcode.
469f7ff5f741fdd0315a04ed6f346abbcb0f53af634b84d8f389271376f8674e