WordPress Ultimate Product Catalog plugin versions 3.8.1 and below suffer from a privilege escalation vulnerability.
26e16b8111d6776a483b80f13ec222d56319239cdae60821e333d1e54f5b61b3
Skype for Business 2013 suffers from a user enumeration timing attack vulnerability.
dedc70fffc5ea2d07f68d69fbe8ae570b34e97daacc51b72c8224705bb509cbc
phpATM versions 1.32 and below suffer from cross site request forgery and path disclosure vulnerabilities.
df0c2e8cdde4cef425a90d37b3280ca2ab7ba7b73bf71860018c5dd1ad11740f
WordPress Gravity Forms plugin version 1.8.19 suffers from a remote shell upload vulnerability.
08f28d9eb0582588c81b63481ca58e5db3c64a1f7c6546c4b854f69d5d88da51
With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11.
8d60da32ba3ba0db4a0f218c7ca375ed14206761ebd4594a313e25dd2ebe4eae
phpATM version 1.32 suffers from a remote shell upload vulnerability.
bd06692dea631ae0422f2ca3b556ff56ffbb8f5f6d8db4dccba08d74b62429d9
Tiki Wiki CMS Calendar versions 14.2, 12.5 LTS, 9.11 LTS, and 6.15 suffer from a remote code execution vulnerability.
4685c3289b13b709e9edc89b3d6c123f6e13f0a8d27d431dac59b8798f51c5d0
Adobe Flash Player versions prior to 22.0.0.192 and 18.0.0.360 suffer from a DLL hijacking vulnerability.
f6c1e0db1cf0414a2c4e623656746bf18311c21d232ce0247945fb82f69047ed
The configuration page in op5 versions 7.1.9 and below lets a user test a system command, which can be abused to run arbitrary code as an unprivileged user.
34a689b22e757960916b2b0af3d9484a9d86ebc2d53f95c0c172deab2122b07e
Gemalto Sentinel License Manager version 18.0.1 suffers from a directory traversal vulnerability.
b6f5fa824af2472d89f14922b1eecb858b838bc8381d5dfedbce1270a4f00f76
Papouch TME ethernet thermometer and TME multi: Temperature and humidity via ethernet both suffer from cross site request forgery, hardcoded backdoor super user accounts, and missing access controls.
f0ee50dfb9961307792f4a00e338a077ffcc384ad59b75c9c48148eb47af0af9
HP StoreEver MSL6480 Tape Library version 4.10 suffers from cross site request forgery, weak default credentials, and access control vulnerabilities.
8f08337957222b11d4c4a443649d9ff928174b1dd9235eb25bb284e0dc7cb01d
Vicidial version 2.11 suffers from a reflective cross site scripting vulnerability.
470527fc33fccb2596dd91bd347a8e1ba1e96a9b5a7baa96273bae4002438f37
Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.
9fea0de30ead37c21a774ad8b50ab697e88f3e051112390e3be85d2e599d044f
This proof of concept crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce.
b7aa281ca915adfcd3f0036cfcc5520eaeec49ed0e0bd9d5eefcf699d19dd4d5
This proof of concept triggers a blue screen on Windows 7 with special pool enabled on win32k.sys. A reference to the bitmap object still exists in the device context after it has been deleted.
f04d7b9b1c0e9540acf78ea24f4a7cb1a5447a0d505993588c4d2ec4d70d0eef
This Metasploit module simplifies the Regsvr32.exe Application Whitelisting Bypass technique. The module creates a web server that hosts an .sct file. When the user types the provided regsvr32 command on a system, regsvr32 will request the .sct file and then execute the included PowerShell command. This command then downloads and executes the specified payload (similar to the web_delivery module with PSH). Both web requests (i.e., the .sct file and PowerShell download and execute) can occur on the same port.
653e52256863e298ea027d1fbc2e93563d971499a730d085d1bbd98fa0c2ab72
Roxy File Manager versions 1.4.4 and below suffer from a remote shell upload vulnerability.
85c837a12824706aaefba54d873df121becb48e231016a8e0f38d349a8ec7130
Multiple ATCOM PBX systems suffer from an authentication bypass vulnerability.
8dfb3eca25689e91bfe4c801bf3df1163e8c3c7334d4429d6b0549a9c76936a3
Several functions in the GPU command buffer service interact with the GPU mailbox manager (gpu/command_buffer/service/mailbox_manager_impl.cc), passing a reference to shared memory as the mailbox argument. MailboxManagerImpl does not expect this mailbox argument to be malleable in this way, and in several places it is copied and passed to various STL functions, resulting in unexpected behavior from double-reads when an attacker modifies the mailbox name mid-function.
f8a976a14646044c7e5586eef81525079a7a9db25b46316e0dc9807036d3e4bc
The Json2Html JavaScript library suffers from a cross site scripting vulnerability.
c1d9df792a2e871f24882a4c9e37dffb7c6ab9bfcbbc66857d3b9b1b97e24843
Slim CMS version 0.1 suffers from a cross site request forgery vulnerability.
fd24e756bfb55998e55147903393b302ca7a56ca3ccd23276855b02bbf47239a
Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a Java deserialization vulnerability.
f915b7c8e1490be3b5efefa54a6482a71e7b49a70921a15a16cb111dcf215ee6
This Metasploit module exploits a vulnerability in Bomgar Remote Support, which deserializes user-provided data using PHP's unserialize method. By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i.e., 'h=[...];l=[...];m=[...];t=[...]') and can be retrieved by an unauthenticated user at the end of the process of submitting a new issue via the 'Issue Submission' form. Versions before 15.1.1 are reported to be vulnerable.
698e0392eb6fd3200601379e4e3d239ebb1d4c3143e7663f8154566abf6dec9c
jbFileManager suffers from a path traversal vulnerability.
a79015bbb00e588181d9b153f7cac50d3cf3b638872d17a01e594029c4e6e0e5