runAV with mod_security suffers from a command injection vulnerability that leads to privilege escalation providing the clamscan binary is setuid.
bdba22ff6e69274f11a7562bef9ed503271afdbace54eebcfb3853ad25e4c0df
NRSS News Reader version 0.3.9-1 suffers from a buffer overflow vulnerability which allows local attackers to obtain privileged access when exploited.
b5f3a2404aafd8eda6e505827572e621bcf0d5d5702bc0d990458b962448eb94
FTP JCL execution exploit. Requires valid credentials to the target system.
288002391162bca71d1f77dd511e366a7a7a3282a4917e020423964d0f44e14a
Wireshark suffers from a heap-based out-of-bounds read in AirPDcapDecryptWPABroadcastKey.
cefcba13f26aae83ab52522e6f7f1d5b147aed9d8191978f1c74d250d888da31
Huawei Mobile Broadband HL Service versions 22.001.25.00.03 and below are vulnerable to a DLL side loading attack allowing normal unprivileged users to gain full SYSTEM access.
2563ce6275ba1108791f8d13204c1f460cd819b171ba0d2cbc4d69e26b85e5dd
Core FTP Server 32-Bit build 587 heap overflow denial of service exploit.
fdc372a0780e2521678e1599b9d2a6f1d4d695379cf95f8f655f26ccef873f6b
Adobe Reader DC versions 15.010.20060 and below memory corruption proof of concept exploit.
8b4ce0368271005db67d2e3f262d808e9b0654c8d487017bf71bd7bc168bb853
Ipswitch WS_FTP LE version 12.3 search field SEH overwrite proof of concept exploit.
a06e22815ff2158c61a05fcfe0d360b6411bfee1bc6b430d27f315d4ee52f7b1
CIScan version 1.00 hostname/IP field SEH overwrite proof of concept exploit.
1c1639749211f240dcd240d71ae6baae3868ec116f68c568a80f04dbc1b2b775
Android Broadcom Wi-Fi driver memory corruption proof of concept exploit.
c4c12cb38e6d2b70be8735e7ec14759ae9fc80ee9eaf6ef89e5d82541843c1e2
Skype appears to possibly be susceptible to a content spoofing vulnerability.
1818fa20690442196c2929353bf64fe6a49db93abd0c384a6575fe27f68fa6fd
Joomla Event Manager component version 2.x suffers from a cross site scripting vulnerability.
b2b22fefa48cf08c718c9172065b478d23024466d877da760ed560e364b738a2
Wordpress BulletProof Security version 53.3 suffers from a cross site scripting vulnerability.
355fd2db564941e22cb266eb97843d68bf8f592f15e9be6a9a9a9155c62fff30
Trend Micro Direct Pass suffers from bypass and cross site scripting vulnerabilities.
cfbc208b57032c60c568c65bf355a0b14fe903a50f11806344635b40a39d6312
Stanford suffered from a remote SQL injection vulnerability.
488b1c83e4bd6987e90181b72a1f482b05b23b147b14bdecab75c7a0c3d6162b
Notes version 4.5 for iOS suffers from an arbitrary file upload vulnerability.
70c5eab78b2c0d9472c025b166a4d138c9f033ca2b9ececb1124e657261aca1c
Certec EDV atvise SCADA server version 2.5.9 suffers from a privilege escalation vulnerability.
8a666916eaf09070cb8201511edd0565c336897f502249870044a9ab56e4dd88
Dell SonicWall Scrutinizer versions 11.0.1 and below setUserSkin/deleteTab SQL injection / remote code execution exploit that leverages a vulnerability found by Brandon Perry in July of 2014.
6dc759bc14a238d30a49e98bea0afabd99f1ed4bda69fec060f0fc09e8cf5e1a
Microsoft Windows blue screen of death exploit that leverages a privilege escalation vulnerability as defined in CVE-2016-0051.
67d82404d6a35158b3347f4bd5cd1f5636bbcb06bb08385ad27e8018e31b2bc1
manager.skype.com suffered from a filter bypass vulnerability.
e7fdc3f2838742e57eca2759b9ce7eff642e725f08be5a1d47c623e98d27f5d6
WordPress Event Registration plugin version 6.02.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
c68bc624b9c59b3929a3f69f844c90408587a093736cafbe16c9de5602ab2d87
PHPWebFTP version 3.3b suffers from cross site scripting vulnerabilities.
9d68d46015cb9bd4cd46ee567443d110deb5c32da2e2ad61e485ef37bb6e30b2
Ajaxel CMS version 8.0 suffers from cross site request forgery, cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
ba065418c9fddd4cde997ef1cc0e2ca3ffb37968eeaba86670b5847e55ca2a43
Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices.
3a3494bcdbe8f6b8c31c2a7fca58aaa5c1af0d80362f0ec65e759ae54b68b2ac
This Metasploit module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example) that triggers the command injection. Tested on Linux, BSD, and OS X. You'll want to choose your payload carefully due to portability concerns. Use cmd/unix/generic if need be.
b4c6b0e7acc235fa1688e82fff7eedb021357977c009bfb8d3faf0171a733bf1