Thrive Smart Home version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e4aeb323f7e63fc22396a520fa3afe3efdd3c385f4c7d50055f96ddd5dd0ea03Thrive Smart Home version 1.1 suffers from a cross site scripting vulnerability.
46cea7a8c0bef7c0a74a6327c76ab35c819eb35ee2af2b41e2ed9ae4714f203fHomeAutomation version 3.3.2 suffers from an open redirection vulnerability.
6c400fc7be48ccc34237bf098de7c74f775e8fb6b620c32b76e8751964726b9fHomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability that allows for remote command execution.
cca8b334de34777125e8f2a0950a8442c54a2c5b0d8651006ecec4b614ce177eHomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.
f23c1aa99af5634149ccf36f6901f15700735c2a52845ce2a65186b287a4ac7bDebian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects.
6ebceaf0d89b2cfd7371e7b66dc4d0a44198b1bc2430ecc38e1dec0541185915Local root exploit for the FreeBSD fd vulnerability as disclosed in FreeBSD-SA-19:02.fd.
05adfc97defa9b66032601dddbc7174d89d7c42893b3449bce122d3043b86df0HomeAutomation version 3.3.2 authentication bypass exploit.
32faefa048892c60f350fd14fb7b3dfb9d5189bfa825f6509603127552d92716Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.
90adbf6571ee419b5720c2c77c09ae73c0b991d5356d6bf9cdef1949b5a67b6dMyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
357776a2d5aa47ac656833d53b8602fbc35b3aa0ce805316d286d7e1b1dfd90dHomeAutomation version 3.3.2 suffers from persistent and reflective cross site scripting vulnerabilities.
5bea197f9f58eb7871adf024f5cfc3eba64f2d6e110ef8855ccd8cf44af9dd25WEMS BEMS version 21.3.1 has an undocumented backdoor account that is Base64 encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI.
a5fa2ebe403b9dae6b9fd7464ecc1dbb0eb48cace1ac5d8e6e0170f2583f4c0fDebian Linux Security Advisory 4595-1 - It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals.
82061cfc85edebc357e70e88bef1a28092a77d75e58404c34d56e60eb1d2f284Debian Linux Security Advisory 4594-1 - Guido Vranken discovered an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
a39d0cc9a81c74129e5f00871afb245984b1984fc1e3bd6c3edaaa4475432379WEMS Enterprise Manager version 2.58 suffers from a cross site scripting vulnerability.
808838c8fe62218d13ec462ebceceec14d3c27579ab0faedf0c2ab8a91a904a1Heatmiser Netmonitor version 3.03 suffers from a hardcoded credential vulnerability.
4660a59d519385d8cbe9b5ff59c605844c85e61e300d5e806ea6da2939b58d03Wing FTP Server version 6.0.7 suffers from an unquoted service path vulnerability.
559fc39363ebeac4e49dba17e94eff68b828a2fdd812f22ec437c92d997c5bf7RICOH SP 4510SF Printer suffers from an html injection vulnerability.
8d5023bd4340e358eab608dba8456b5fa91f10420afc43489e80c8293597f950Wave version 2.0 suffers from a remote SQL injection vulnerability.
3a71e4a67e29fbed15f29f6d3130845ff2bd3fe64d23ccb6fcb04deb2474aae3elearning-script version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8f87b2298bc94811437a2e451bb69727fcccabb9017173d181e459c133f73998Cera Intranet Community Theme version 1.0.1 suffers from a remote SQL injection vulnerability.
104390c5f4b1560c784aeb20395128588c46864e3d99bc8955f5f8f4d6b8a00153 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.
a78386e6925c4c7622dc2d1a9270b66cf3cbc0c50e6f09d58c4768ff8f87dce6FTP Navigator version 8.03 stack overflow SEH proof of concept exploit.
e1f7f7256cf33ce90c5add9067bf1de5588b464624189f4760bd7a07cbc2712aAVS Audio Converter version 9.1.2.600 stack overflow proof of concept exploit.
2079ca5260db181a32d0e96d5a9a243149271528d1e2246bfe814727cf278c7cThis Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).
3e6540f0f1a2e09ac135f635d113e22b32dffae061cff0c1ae9ba68f036aa0a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed