This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges. The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/.asoundrc. libasound is not designed to run in a setuid context and deliberately permits loading arbitrary shared libraries via dlopen().
4f6b3ffb38593e545a6d2b121f82db2cd943284427086d0cf851e6f78aa712bf
Asterisk version 14.4.0 with chan_skinny enabled suffers from a memory exhaustion vulnerability that can lead to a denial of service vulnerability.
f873e04bcb0eecc9597ab97c172b350143d8b4bc7a90a33fabc8192c71a4c519
Asterisk version 14.4.0 running chan_pjsip with PJSIP version 2.6 suffers from a denial of service vulnerability.
26735dd3956e23cd86d3bfd7f09cf45b7e07e2f91f84b5f91c48da4e3976b767
Asterisk version 14.4.0 with PJSIP version 2.6 suffers from a heap overflow vulnerability in CSEQ header parsing.
96d2411683190b99bf76dad788720f5b886c567643bf4124f892badaecf39a31
VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.
05cb35186f2e5f6b2221c1ab68f277a67270ad790351e64db88411655e075325
HP SimplePass versions 8.00.49, 8.00.57, and 8.01.46 suffers from a local privilege escalation vulnerability.
ed0ba43506d010e8c28aee71c085c7b2aa863c572c95d00e7bb69bb5b2d1abdb
This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
5ff2902a3ec062393e0570fee4f1cc86ff341942ea0f0f52a2987780cddb68ec
This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dac
Pegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.
4427731fa13b99b05e574e495f0ae5cbb93c76a5b78829b68f137b2e0bd8adef
Secure Auditor version 3.0 suffers from a directory traversal vulnerability.
9e96947d550edd506262be8499d639f6170b5fd597c1c3c5b3b82e2f120658a4
Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
a89834c93f1d470ef6476b4a640ac5f5403058b6205f6653a27aa9c7ac53d1f4
Microsoft Windows 8/2012 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
d2515a1e6d996e23c72bd9ad42e411a45def083377a039d3c6f773b7ebd85fba
The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability.
914600f2292f25a5648b2ad58ced49b43809bcd44e72b9d8a1f6176e284de9f6
PlaySMS version 1.4 suffers from a remote code execution vulnerability.
3c8a63c95cb5cd39de2c05874efd2f98a9c719765b28143345cabc3ef991b525
D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.
d2de4c1ec6d915ce30568940e60b15df8daef411482a245f56c00ebbe5c653ba
ManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.
0b8968d2eb45a073ca7bd4ac6b7249f163568b69dd319a79d314bac27cbd48d1
SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.
3257ec117b9ead701ce13e2ebd0d94106c6ccea7ddacfc94e55a7d5f53ba0456
KMCIS CaseAware suffers from a cross site scripting vulnerability.
8ed17c56890bb941dc62c03f9ac26a10d3abf303ee137587b5a0126dd6299721
Ceragon FibeAir IP-10 versions 7.2.0 and below suffer from a hidden user backdoor vulnerability.
19d0253d67bfd5628b69787c405f7a3c2992c6236010db3ca5711b8a3408d169
Kodak InSite versions 6.5. through 8.0 suffer from a cross site scripting vulnerability.
edfdb5072d2100ae5816327aa1047bf156b40a14eb41a16b1e0dfe93a6055864
Belden GarrettCom 6K and 10KT series suffer from suffers from buffer overflow, authentication bypass, information disclosure, and other vulnerabilities.
49d1717295169be58fe33b4c7d8306f29f0d9e8f045dbaf9cda485d36d3f2e48
Oracle PeopleSoft suffers from an XML external injection vulnerability that allows for SYSTEM remote code execution.
8ea1552b5500186fdceab51a03b9a96efe05ec0e67c4fb4ae2ab5916f021c96a
Microsoft Windows suffers from a running object table register ROTFLAGS_ALLOWANYCLIENT privilege escalation vulnerability.
36f03383066ee290d05c378c215e41fa232689f697acdd92d4113874ffffea27
Apple iOS versions prior to 10.3.2 suffer from a notifications API denial of service vulnerability.
29027c75a282ced872743a26249f8bc6a1222243f76ab7a6119a4c5ad36931cf
Microsoft Windows suffers from a COM aggregate marshaler/IRemUnknown2 type confusion privilege escalation vulnerability.
7d9306b31056624843b7596903b03f2850b51e4cdcc0f3b35afc516f0af1bec5