Event Management version 1.0 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/177841/eventmanagement10-sql.txt
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. ...
https://packetstormsecurity.com/files/177840/utillinuxwall-inject.txt
The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio w...
https://packetstormsecurity.com/files/177838/circontrolraption-overflowexec.txt
FusionPBX suffers from a session fixation vulnerability.
https://packetstormsecurity.com/files/177837/fusionpbx-fixation.txt
Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
https://packetstormsecurity.com/files/177832/dsms-escalate.txt
Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/177822/pureicms10-sql.txt
Workout Journal App version 1.0 suffers from a persistent cross site scripting vulnerability.
https://packetstormsecurity.com/files/177821/workoutjournal10-xss.txt
LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/177820/lmsphp10-sql.txt
Asterisk AMI version 18.20.0 suffers from authenticated partial file content and path disclosure vulnerabilities.
https://packetstormsecurity.com/files/177819/astriskami-disclose.txt
Siklu MultiHaul TG Series versions prior to 2.0.0 suffer from an unauthenticated credential disclosure vulnerability.
https://packetstormsecurity.com/files/177817/siklumhtg-disclose.txt
RouterOS versions 6.40.5 through 6.44 and 6.48.1 through 6.49.10 suffer from a denial of service vulnerability.
https://packetstormsecurity.com/files/177811/routeros6-dos.txt
NodeBB version 3.6.7 suffers from a broken access control vulnerability that lets attackers view data only meant for an administrator.
https://packetstormsecurity.com/files/177804/nodebb367-disclose.txt
WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.
https://packetstormsecurity.com/files/177803/winrar622-exec.txt
This Metasploit module exploits two vulnerabilities in SharePoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remot...
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to ex...
https://packetstormsecurity.com/files/177801/wp_bricks_builder_rce.rb.txt
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administ...
https://packetstormsecurity.com/files/177800/artica_proxy_unauth_rce_cve_2024_2054.rb.txt
Bludit version 3.13.0 suffers from a cross site scripting vulnerability.
https://packetstormsecurity.com/files/177781/bludit3130-xss.txt
Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
https://packetstormsecurity.com/files/177775/imsphpmysql10-xss.txt
Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.
https://packetstormsecurity.com/files/177771/craftcms4414-exec.txt
LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.
https://packetstormsecurity.com/files/177765/limesurveycommunity5332-xss.txt
Orange Station version 1.0 suffers from a remote shell upload vulnerability.
https://packetstormsecurity.com/files/177764/orangestation10-shell.txt
Nagios XI version 2024R1.01 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/177758/nagiosxi2024r101-sql.txt
MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.
https://packetstormsecurity.com/files/177755/mobileshopmaster10-sql.txt
LBT-T300-mini1 suffers from a remote buffer overflow vulnerability.
https://packetstormsecurity.com/files/177754/lbtt300mini1-overflow.txt
Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
https://packetstormsecurity.com/files/177740/MVID-2024-0676.txt