WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
26accfef3c015e940fb5ee457cb6a29a72c381aeafaf3f15e41b5c7a42c7d015
WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
6eef1993e0cd62e0fad5f186f71640c1ddc0dd0940b55f1ad76e91e12504c088
WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
b0d62cf7ab42c752da7c6b95126b1b47b02f6705a61df1f00207db405ed0dcff
WebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
8fb09a6df3645a5bb6ae947a46e56826654f1c6c20cf3208f9247bd19743e887
WebKit JSC JSObject::putInlineSlow and JSValue::putToPrimitive suffer from a universal cross site scripting vulnerability.
f095b5aaa821ebc8b2b079ea176435f7ceb10452b75dab356e18e864136cf744
MEDHOST Connex suffers from having hard-coded credentials that are used for customer database access.
3ec6996dd81186f3e6b24b5054c626a66031e271872c3bff28c529d9fc080d1e
WebKit suffers from a JSC JSArray::appendMemcpy uninitialized memory copy vulnerability.
8d22ca5e10db1797b729dcfc5c2d6c3e3fe279ed1337004c773ea5f826eaebf4
WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry).
d3dc861b45ee21a79280a28a3f48b4c0af5d9e2ccf5aa78da8711387b3faf038
WebKit JSC suffers from an uninitialized memory reference in arrayProtoFuncSplice.
ce1c4741e5611858900581d7df034b8e7542529547943c3348da1dbda9904227
RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Affected versions include build 2032 and 2.0.625.
becde93c067e78ba68597a35f6d477408561832538f83bbfc9c5867a28459d85
RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliance's interfaces. Affected versions include build 2032 and 2.0.625.
acd4c88b4e6b269475472b9ac9f07228d4f40087768925bc7eb00ecfecd3522c
RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Affected versions include build 2032 and 2.0.625.
566d35f51e7eacf080b67dde2ac3e518fc64eab804ca996a361d492a9d1e33b8
MAWK versions 1.3.3-17 and below are susceptible to a stack-based buffer overflow vulnerability.
8ae22f24c6687d7f34733d9e6e83cb7ac1404a6bfaedd4166e57d39f5962fe1d
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Affected versions include build 2032 and 2.0.625.
73f166953c9826d6cb5ced2e73d23f83f1666942751bbe3a859d6bd211d10a9a
This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
890ea76a03a7ffc9458899b7ae1381272680a62d4a6c1693ff6dec23f6adde77
RedTeam Pentesting discovered a cross site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Affected versions include build 2032 and 2.0.625.
24d8f1cffd703098f7bc99803e67978d1404d5582276c79f31555172622b593b
RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Affected versions include build 2032 and 2.0.625.
4b2a83e33f783d6780df2b94816103795f01791ce55f04a8febcf31ae4a50c00
RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Affected versions include build 2032 and 2.0.625.
c1999c59bf1a49e27b345dcd1c7259a0a82d09f67464808f16ff746ad4c41449
PaulShop suffers from cross site scripting and remote SQL injection vulnerabilities.
7c3af021c23b188fe48f320ae94baafff3bb919f1fe1a6986ef714449c4046f4
Microsoft Internet Explorer mshtml.dll remote code execution exploit that leverages the issue noted in MS17-007.
849f2394e75f12bb7326f5a6a2dac97c8926f31c414519308124090678a4e556
Oracle Web Center versions 11.1.1.9.0, 12.2.1.1.0, and 12.2.1.2.0 suffer from a cross site scripting vulnerability.
2531e12e01a7118146ce68b91b837af4880c4240f9cd622a3a92ab32ee4a9983
This Metasploit module exploits a buffer overflow during user registration in Easy Chat Server software.
a11f51434b99747a06b9d4878be9cccbf5c461526ed75293c076ac0c7ffdaca3
A vulnerability exists in the latest version of Razer Synapse (v2.20.15.1104 as of the day of disclosure) which can be leveraged locally by a malicious application to elevate its privileges to those of NT_AUTHORITY\SYSTEM.
9240ec8d6ca5d5eb386ea5fd8d70c4669a8c2b74388b4cb929f23fc1508d1dd8
IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
f8bdea7a53ee5a4ab20fad1a03f6c2a2dfaa0823d9fec5b982ed96aa724d1965
This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user's password supplied using HTTP basic authentication is used in a call to exec(). This Metasploit module has been tested successfully on version 2.11 RC2 and 2.13 RC1 on CentOS.
9eb1e6c5340ea76cc93256435c463b701834212afc1bee15eb34fd6f73202c7d