Ubuntu Security Notice 3793-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, or execute arbitrary code. It was discovered that if a user saved passwords before Thunderbird 58 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. Various other issues were also addressed.

Ubuntu Security Notice 3792-1 - It was discovered that Net-SNMP incorrectly handled certain certain crafted packets. A remote attacker could possibly use this issue to cause Net-SNMP to crash, resulting in a denial of service.

WordPress Support Board plugin version 1.2.3 suffers from a persistent cross site scripting vulnerability.

Library CMS version 2.1.1 suffers from a cross site scripting vulnerability.

This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This Metasploit module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful. This Metasploit module has been tested successfully on Solaris 11.1 (x86) and Solaris 11.3 (x86).

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and unauthorized live RTSP video stream access.

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access.

Ubuntu Security Notice 3790-1 - It was discovered that Requests incorrectly handled certain HTTP headers. An attacker could possibly use this issue to access sensitive information.

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via absolute path.

The FLIR AX8 thermal sensor camera version 1.32.16 suffers an unauthenticated and unauthorized live RTSP video stream access.

Advanced HRM version 1.6 suffers from a remote code execution vulnerability.

Centos Web Panel version 0.9.8.480 suffers from code execution, cross site scripting, and local file inclusion vulnerabilities.

MaxOn ERP Software versions 8.x and 9.x suffer from a remote SQL injection vulnerability.

College Notes Management System version 1.0 suffers from a remote SQL injection vulnerability.

Academic Timetable Final Build version 7.0b suffers from a cross site request forgery vulnerability.

Academic Timetable Final Build versions 7.0a and 7.0b suffer from a remote SQL injection vulnerability.

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

Alchemy CMS version 4.1-Stable suffers from a cross site scripting vulnerability.

BigTree CMS version 4.2.23 suffers from a cross site scripting vulnerability.

Proof of concept exploit for a Mozilla Firefox picture drag and drop security bypass vulnerability. Tested on versions 3.6.10 up to 62.0.3. Password to decompress this archive is ff2018.

Snes9K version 0.0.9z SEH buffer overflow proof of concept exploit.

D-Link DSL-2640T suffers from a cross site scripting vulnerability.