The SySS GmbH found out that different resources of the web application perfact::mpa can be directly accessed by the correct URL due to improper user authorization checks. That is, unauthorized…
The SySS GmbH found out that the web application perfact::mpa accepts user-controlled input via the URL parameter “redir” that can be used to redirect victims to an arbitrary site which…
The SySS GmbH found out that any logged-in user is able to download valid VPN configuration files of arbitrary existing remote sessions. All an intruder needs to know is…
The tested web application perfact::mpa offers no protection against cross-site request forgery (CSRF) attacks. This kind of attack forces end users, or rather their web browsers, to perform unwanted actions in…
SySS GmbH found out that unauthorized users are able to download arbitrary files of other users that have been uploaded via the file upload functionality. As the file names of…
SySS GmbH found out that the request new user and translation functionalities of the web application perfact::mpa are prone to reflected cross-site scripting attacks.
This archive contains all of the 240 exploits added to Packet Storm in February, 2016.
This Metasploit module exploits a SQL injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they…
Microsoft PowerPoint Viewer version 12.0.6600.1000 suffers from a DLL hijacking vulnerability.
em4 soft and M3 soft both suffer from a privilege escalation vulnerability. Executables can be changed by an authenticated user due to improper permissions.