HotelDruid version 2.3 suffers from a cross site scripting vulnerability.

Apple macOS version 10.13.5 local privilege escalation exploit.

Tech News version 4.3.4 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice 3892-1 - Burghard Britzke discovered that GDM incorrectly handled certain configurations. An attacker could possibly use this issue to get unauthorized access to a different user.

Debian Linux Security Advisory 4396-1 - Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system.

FTPShell Server version 6.83 suffers from a denial of service vulnerability.

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

This Metasploit module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT (49153).

FaceTime suffers from a memory corruption vulnerability in texture processing.

Microsoft Edge has an issue where the default flash click2play whitelist is insecure.

On Android, a ptrace hold makes the seccomp filter useless on devices with a kernel with a version lower than 4.8.

Red Hat Security Advisory 2019-0373-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Issues addressed include integer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-0380-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.6 serves as a replacement for Red Hat Single Sign-On 7.2.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.

MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.

Typo3 CMS Shop System tt_products version 2.9.4 suffers from a remote SQL injection vulnerability.

This write up contains details on how to perform remote code execution within Jenkins.

Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.

Typo3 CMS T3 EasyEvent tx_easyevent_pi1 version 0.37.3 suffers from a remote SQL injection vulnerability.

WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities.

Typo3 CMS Realty Manager tx_realty_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.

Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.

Typo3 CMS Commerce DAM connector tx_commerce_pi1 version 0.1.0 suffers from a remote SQL injection vulnerability.

Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities.

XAMPP version 5.6.8 suffers from cross site scripting and remote SQL injection vulnerabilities.