NetDrive version 2.6.12 suffers from an unquoted service path privilege escalation vulnerability.
44e9157e043df161e9fb39f0394ed4b5e87209512feab29c65900291fa239691
Elantech-Smart Pad version 11.9.0.0 suffers from an unquoted service path privilege escalation vulnerability.
02cbc53fbab8dd783a934681021613cab5ebb2e51216a62a12dfaeaea3b2fc7e
MSI NTIOLib.sys and WinIO.sys suffers from a local privilege escalation vulnerability.
415b2d2aaef60ccb1d070b2c6d33045cf983ade86cec4127cad48888f27a3309
Iperius Remote version 1.7.0 suffers from an unquoted service path privilege escalation vulnerability.
8618b69a05255ad576b094dcdf6475d4a7c5bf04e4e1aaf1057780c9f2fbb385
Macro Expert version 4.0 suffers from multiple privilege escalation vulnerabilities.
a58d108f27dbbcb9826ab807cde340349804f0af2171e8dbf29a67e963befa29
Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates. Additionally, they suffer from a cross site request forgery vulnerability that allows an attacker to commit such a firmware update.
1cd736567c6dd8e7a4095d0328fa865f1aa4a27333c0a07940e10243460214b6
u5 CMS version 5.1.4 suffers from an open redirection vulnerability.
6b20bacedcb2762e94ed550d1b2b27ec17c7c86bef19af15363878bdd28cb82a
Joomla Event Booking component version 2.10.1 suffers from a remote SQL injection vulnerability.
9a6a60554a1304a06e8aff69352e7ba22ceafdee6f1e0bfde8366c2574e24407
Pop Under Ads Network version 1.0 discloses MySQL credentials in html source code.
b61df52b0185ea6b9e4036666b505dc6b4b1381807797cebe5c6b71b04558560
VenShop System 2010 suffers from a database disclosure vulnerability.
b0ceb4716a625ecbcff7f9491cf60784443bc16c2085848c56ecc381ccdd0731
This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.
0aed762884874a2a56109540ad0db42b6eefad643e2cf8d5c9179b0f1d8783a6
SELinux suffers from a protection bypass that allows for a memory mapping that is both readable and writable.
d26907f58e891ec5eb0984325531067ebfcfec48499313b6f58bfd76d6484a2b
Adobe Flash suffers from a memory corruption vulnerability in video decompression.
6ab77f9cdd155daa4dc1957698507e9e4e763903c61c47078ea8d064042796a5
Zortam MP3 Studio version 21.15 suffers from an insecure file permission privilege escalation vulnerability.
89618de9d7c006b9d723db98c264efbaca9fd48244720eb80aa9314a4da750b4
RealEstate CMS version 3.00.50 suffers from a cross site scripting vulnerability.
e8120930436e9c5c5f11e43a93debcf5d4c9505276ec32924b862cf1ca97a94b
Kerberos in Microsoft Windows suffers from a security feature bypass vulnerability.
5ed55cfd547222a50eb5c366ea69653cf9d3890f0d64f8ea97af4f06b1d3167c
Wise Care 365 version 4.27 and Wise Disk Cleaner version 9.29 suffer from an unquoted service path privilege escalation vulnerability.
ca77baa00797001a47e00b898909c3f175cfe93eda9298934ef62bb33f3afd29
There is a crash when the AVC decoder in Adobe Flash attempts to free memory, likely indicating memory corruption.
06f1eb077ee1f466f06c46622473b0779c4d14ab7e40da39791e487f6e4b64d7
The NtLoadKeyEx system call allows an unprivileged user to load registry hives outside of the \Registry\A hidden attachment point which can be used to elevate privileges.
8d30ef721f9061806e06019063b62bba9b734dca044a593c1486cd66752e5a4c
3GP Player version 4.7.0 suffers from a dll hijacking vulnerability.
cd1e5b25c4b560a8aa1e6f52c36a9d7966d409e46b740534aaed94d96856a7bd
TeemIp version 2.0.2 suffers from a cross site scripting vulnerability.
e9651cc9a994c941160fe4eff7d441d0d4b078f225fe55d5bb574d51f3d043a7
RegLoadAppKey is documented to load keys in a location which can't be enumerated and also non-guessable. However it's possible to enumerate loaded hives and find ones which can be written to which might lead to elevation of privilege.
50c93d6edf7373f14720ed5465ad2648ccee020f4b5cd9cc0c2668913eeff08c
AnyDesk version 2.5.0 unquoted service path suffers from a privilege escalation vulnerability.
92ad5e6b35cf13236db03284b2ac821f2900ea60be7fe80dc8fd0506ae549709
Microix Timesheet module suffers from a remote SQL injection vulnerability.
e9681cf5b3fb25defe0b1327e394183a1e9c20555cedb572657238be031bb98d
Matrimonial Website Script version 1.0.2 suffers from a remote SQL injection vulnerability.
bed563ed172429e088c80895a58e2ac102e7a092b19a36090a306aba262750bc