Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.
0f86dde8e1c44108d2214acb30772974903fb5e2efa4f23d272a62cd0ca53b09
knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.
5f21249af2b570413ccedbc2d38d69f7569143fd0ffd8e6431e4db2f29a7fb53
WordPress Events Calendar Premium plugin version 1.0 suffers from a database disclosure vulnerability.
383704f897617826c4fdc3af390d64e0b37907bf08dcf05be37a493b309db2f8
WordPress WP Complete Backup plugin version 3.0.5 suffers from a database backup disclosure vulnerability.
92c09b8545a80266ce8ccfa5cf484366783c4ebfe56b74dc62f2ba6e956cb5ec
WordPress Jazzy Forms plugin version 1.1.1 suffers from a database backup disclosure vulnerability.
9403666c8c643458d61b39b4df10497e4a2119781f40ecb04bbf328215296db3
WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.
49057b9856f52e7c1326bb6a40eec2adce2781ea4cc9af44a1dd3056fcc88fb0
WordPress wawp_framework plugin version 1.0 suffers from a database backup disclosure vulnerability.
8fbdbecfa3686c56da6732ca409952493ea81d7d040d9afd264b3e20d92f888b
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
93155b798544b2f07693920f4ac1b531c952965ee4eb1d98419961240177438a
Gentoo Linux Security Advisory 201811-21 - Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. Versions less than 1.0.2o are affected.
c1d2c4c1f169d7444a8ec783ed15c7533f43aef45a89c4f6cbccef76230c09e9
Gentoo Linux Security Advisory 201811-22 - Multiple vulnerabilities have been found in RPM, the worst of which could allow a remote attacker to escalate privileges. Versions less than 4.14.1 are affected.
dbe5366b678db36b941163032978eb4793921ab8f835a04b9d9232bde15f35a3
WordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.
cdf0038016909bdc9fbbb6b0131d33c91251f0f21c5d2c20ada0f2c1d6a2a0d1
WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.
545976aab87512242d5f58cedab4af05cef9bd274b86805b2ce96fac81605ad9
WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.
92b1425f6c23ab281b94eb21d5263e062608fbbdc2a35ca2c23fdcc9108ea18c
WordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.
53d7a94a9e18f3b4caddffdf4610c695553544082472c38337520f6df805ee5e
WordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.
219e65b364ab6c17799bc19d5963a1260774c9cf1f4e1d23c741dfdb9ef8ff14
WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.
ec3365bc1a665d76c716098268b6ade37ed13bab4bfe312cbba37e0708d626fd
Joomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability.
9acbedfbb61ff2ca14e2453561fdf51bad8d74534c4e7896822e5b073624529d
Joomla DJ Image Slider component version 3.2.3 suffers from a database disclosure vulnerability.
73183e225d7b9669b460d103ab9a3882cac5bf20a75484bbdc8c64af23c4f484
This whitepaper focuses on attacks related to CORS, or Cross-Origin Resource Sharing.
3a51921a22b49222f2339d96c3e7837e52892458d3faf88b15a8ebdbd8876cb4
Joomla Fabrik component version 3.9 suffers from cross site request forgery, local file inclusion, and remote shell upload vulnerabilities.
1913b5395f0c68ac87d24dbcb440be3c830667b96bebeb7c0a20df74aa059240
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.
78074b1701e40ea4ef9e046d50ffaa646aa27cf4177d6b17c6371f5f32a674b7
Ubuntu Security Notice 3830-1 - USN-3804-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when validating JAR files that prevented Java applications from finding classes in some situations. This update fixes the problem.
166b04353de713beab9d08eea9a06f119e07b1b80978dd2605262a24dc29f7b6
Debian Linux Security Advisory 4346-1 - Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed (despite the -dSAFER sandbox being enabled).
31d5f9ccd80e2ae52f634417dc51d4efec799681af5b520ee3732b3908bb345d
FreeBSD Security Advisory - Insufficient and improper checking in the NFS server code could cause a denial of service or possibly remote code execution via a specially crafted network packet. A remote attacker could cause the NFS server to crash, resulting in a denial of service, or possibly execute arbitrary code on the server.
10bcc1748ee3a9d625fa8d7384fa8357ec3df2199059cc67ec2a7fe57ef95a19
Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
dd46625edf20ec566996b733efec4fa6ab1a394f429074cafd338ed82f2fc1bc