Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass.
a592a3eaac60c8a390da56980e7a4c2fa1044e45b3e50a5a299465a3f01de74d
This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS. This Metasploit module will upload the pre-compiled exploit and use it to execute the final payload in order to gain remote code execution.
8c042c8825650019d1e31b5398ad5381eeb236d87035fde08adff61e565143d1
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API.
864dfd68b9447a32f48345c6bfee4e348eb5df86699f134c693a0977201110eb
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
6278eaabffa1ebc9fa2ceb3dc53eea9a1505ab02a668a86dd6fec06951af2164
Secunia Research has discovered a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service). An integer overflow error within the "parsehwp3_paragraph()" function (libclamav/hwp.c) can be exploited to trigger an infinite loop via a specially crafted Hangul Word Processor file. The vulnerability is confirmed in version 0.100.0 and reported in versions prior to 0.100.1.
35de8f1d0b377601d9193972f01694233332853eeac0bf4ef7798aa8df394deb
VMware Security Advisory 2018-0017 - VMware Tools update addresses an out-of-bounds read vulnerability.
86ec57319226d33988344e7bfea3bfafe67919ae2cbe080816b90e8b1cf1269e
G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.
a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0
A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak "C:\Program Files\TotalAV" permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.
7ddb47fa9650b8d0c8373db8166f2ded014751591383842dbb2ccdcaaeebaa73
In MicroWorld eScan Internet Security Suite (ISS) for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a denial of service (BSOD).
8b95bb49aed9a1a93908ec4399e0088c6836bf8eba34be94d0cccbce2da183db
OpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.
1c40f13fb738e9a91991869459b8beb8b294dcd95634775a7427ab9531fbb0ba
Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.
f3e1c3959ab0ee3579f60e32fbe1e85917f22334a58f48d1e070937e0785d71b
Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.
d510a450dc89aec128f740c2165feac1c2ecbea0f587ba64ba94777c83e5d268
21 bytes small Linux x86_64 execve(/bin/sh) shellcode.
6885ff7099dd77b186692c4f4be3c1cfe8b14ec68b98e83b9a526ac97dce91c5
macOS and iOS suffer from a javascript injection bug in OfficeImporter.
e8a235449f752566cb48a2a1f6f65e02d52cbd77feb6354393a30e556c4552e2
Huawei eNSP version 1 suffers from a buffer overflow vulnerability that results in a denial of service condition.
b24cbd5e44631497f980ada49ba84c0ec20abe4dc64b92098e4db7abc8e76407