This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
c4a63ea927eadbd15aa533b676da7de90e2feda0be34e3eccaea539cebab75b2
This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
e772df2bb9bc2559a8e1ce1faef1106d0f6d2691866412f3c6f64ad143790589
The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then be abused by sending a UDP packet to infosvr, which is running on port UDP 9999 to directly execute commands as root. This exploit leverages that to start telnetd in a random port, and then connects to it. It has been tested with the RT-AC68U running AsusWRT Version 3.0.0.4.380.7743.
6da7c92100a89101fa69018aa3816aa9505957ebeb1384b2e303db3bf235ef0c
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
6223d8f9dd9274732fdb0ce5d6524039a1911623ecfd29abec243383e30d5926
Asterisk Project Security Advisory - When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a busy loop that waited for the underlying connection to close.
5fc36cc2204c4418ee1467bbb96d683c0c2675703deb973b6bc63daea6083afd
On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.
72d363acb6dc156e006e909ac1b2d43d8475b46890268147bf31b5fba6a2cc9e
Groupon Clone Script version 3.0.2 suffers from a persistent cross site scripting vulnerability.
0e0291279108a230482831e4b2e6678298d51081fca33ab2532ea047e9a6394b
Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability.
b684b52121c8d927111c94546a4ec8dba8a0a9663d6ddff591752d5ee977224c
Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability.
3e86e109c9aa4784cd93c3df718cff09633565a675113773767a8f55abbd367c
Joomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.
f59c7e43ecda7ba9e158b234321de00a506b5062d2a908c1cec78db5ff8ac9b7
Joomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.
d3b42aaa935a602216f97367a67d5d5b6e3b1969c555ea94c199e20b378e888d
Joomla! CheckList component version 1.1.1 suffers from a remote SQL injection vulnerability.
eaf5e0233f4ffa866d363218ecb74330e94ba0f9e76ac4f11c1aea57cdbea862
Joomla! Alexandria Book Library component version 3.1.2 suffers from a remote SQL injection vulnerability.
0c4a5560666446e8e35e424c4526fc6910a2fde6cdfc5a13bff3ecf0c08b9a7e
Joomla! Ek Rishta component version 2.9 suffers from a remote SQL injection vulnerability.
b6997acc9145dcfa4761c77d8c9e451de71ec7326b4c4e1161b759da35d7f6d7
Joomla! PrayerCenter component version 3.0.2 suffers from a remote SQL injection vulnerability.
476e66115641917c493d8bb111d9fa9fa7e61b3fad74a7392c2809c85f209af9
Joomla! Proclaim component version 9.1.1 suffers from a backup disclosure vulnerability.
8d8fa03d56de3952240f153b75360b96780bb2cfd04cb0f4ff396259c7507ff9
Joomla! CW Tags component version 2.0.6 suffers from a remote SQL injection vulnerability.
ace504ca4e70303c687d36116a9cb7bd94365938298748fc06abf227a4fb2293
NoMachine versions prior to 6.0.80 (x64) suffer from an nxfuse privilege escalation vulnerability.
3f84d30a64a0b65edd648d59774c17780e9ca1c4062f2b18efa2c18e9c851e22
Armadito Antivirus version 0.12.7.2 suffers from a detection bypass vulnerability.
9e8a4402af43db4c792e85a002c8ab2b85674ffd06feb1b9c84f33cbe2a44ddb
Disk Pulse Enterprise version 10.4.18 suffers from an import command buffer overflow vulnerability.
e307de6489283b8b1af2c0fffeb4c6bc4cd2451976ad9a55965eb047eda2f56c
Disk Savvy Enterprise version 10.4.18 suffers from a buffer overflow vulnerability.
dd90908461a70ffb033221b05079a153d313a0f457e111ed680c67fc2c96cec1
Wavpack version 5.1.0 suffers from a denial of service vulnerability.
3b6f7db32cf7bfe1affc114a011eb1154963dbd10687688830a645a53a63b94e
Asterisk Project Security Advisory - A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault.
a4a7459638ce3f3a2f66643377d5f17ef2db0d79f31570e23b023b87b15030c9
Asterisk Project Security Advisory - When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.
2ca83ced6bedaa74703ffe260735d9b6a5f8e6d560c01ef31601708735e0b831