Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities.
2bd9eba90c187412520d8986e92dd1c4480228cda7bb0eec67f1460e5d7e18acThis Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hard-coded cookie secret which allows to sign arbitrary cookie data. After passing this signature check, the base64- decoded data is passed to PHPs unserialize() function which allows for code execution. The constructed object is again based on the SektionEins Zend code execution POP chain PoC. Kaltura versions prior to 13.1.0 are affected by this issue. A valid entry_id (which is required for this exploit) can be obtained from any media resource published on the kaltura installation. This Metasploit module was tested against Kaltura 13.1.0-2 installed on Ubuntu 14.04.
da00d7666ebcac087d98220e64d9b76abb02af42dcd0af40a1090b15bf80f97dKaltura versions 13.1.0 and below suffer from a remote code execution vulnerability.
73bbdc3dfb63fe71bff9b533363ded6daba1c5d251d456a8d077bb1e4caf737cKaltura versions 13.1.0 and below suffer from code execution and cross site scripting vulnerabilities.
f13d7e1066f62d0ca0b0da505366a1d539c7943e2d61a9efc629ec92d9a34e9fDirtyCow local root proof of concept exploit that overwrites passwd.
df34e9d762c2e604ca92f005965b39f3d5c491ae429c86602f59d50276e01130myBloggie version 2.1.6 suffers from a remote SQL injection vulnerability.
9100ce6e2002fd13b7e37a95eaf2aa28615a7922545368ed8f273d60567f928aWebSpell versions greater than 4.0 suffer from authentication bypass and arbitrary code execution flaws.
8467b9c101022d381e98b3f6b888b3fa5bea9ca1d685b2b19003a3b4eb7b32eedotProject versions 2.0.1 and below are vulnerable to multiple arbitrary code execution and information disclosure problems.
65d278cfd1e0fb5de0c01a4650d9eb60a82d1f8ca72d701d3d4d18e7db65063fPHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.
5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0Affiliate Network Pro version 7.2 suffers from SQL injection, code execution, and cross site scripting flaws.
b68e33f43a3e04ebcaa708511893cd0724696a199e0423be9e92141c50125a03A remote code execution vulnerability has been discovered in various CodeGrrl products including PHPCalendar, PHPClique, PHPFanBase, PHPCurrently, and PHPQuotes.
2539e6a0a10e5c9a163b673cf8ee1861d726956268b445b7b8fd95553d9bb737
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed