Android binder suffers from a use-after-free vulnerability in VMA via a race between reclaim and munmap.
30e7b19cade88138c58960f0d7e5f5b18ba1d4a346ffb29b3faf11ceb745b600
Android binder suffers from a use-after-free vulnerability via fdget() optimization.
e1809748df02c9d09d6f4feddfb033fdc2a0eee3d38b0c8d9099f338a04d4eed
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode lets you select the query options in a wizard-based manner.
e7a7e35d19eb00c27d3e5a83f49a37732228ab8b9169c402dd0fc23ea9477c79
Ubuntu Security Notice 3887-1 - Chris Moberly discovered that snapd versions 2.28 through 2.37 incorrectly validated and parsed the remote socket address when performing access controls on its UNIX socket. A local attacker could use this to access privileged socket APIs and obtain administrator privileges. On Ubuntu systems with snaps installed, snapd typically will have already automatically refreshed itself to snapd 2.37.1 which is unaffected.
108b24a0da7384b87372197169bd65dc91c58a776947dcdbab22a5dcd8c8063a
Red Hat Security Advisory 2019-0324-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
eb4166c50e12a48a55f375462457cc665acf1c2f7589037a65eb5ae947f94e0c
Red Hat Security Advisory 2019-0315-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a cross site scripting vulnerability.
dbe3bdd9fb25b0f8e7112aad117c48847fd8f9f967a4b076ee5b40dfcc7e2918
Debian Linux Security Advisory 4377-2 - The update for rssh issued as DSA 4377-1 introduced a regression that blocked scp of multiple files from a server using rssh. Updated packages are now available to correct this issue.
04ea79421a23915574a69671fc8a387fa5815474d3fc32adfb1a5a4e1e85de75
CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability.
363a981e5d0b6820f7dbde5f83a8e9b84e0cc2a0208e369d24a824efdd7dd5ee
LayerBB version 1.1.2 suffers from a cross site scripting vulnerability.
702c64ef6a0d830cae9f5467564cef670bd29d35be3a0a60bcd6a840fb550c9f
BlogEngine.NET version 3.3.6 suffers from code execution and directory traversal vulnerabilities.
e49280b62c0fab022834f64d848d66c34f0be69807c773aa5c6000bf8eead37e
Joomla ZCalendar Zap Calendar version 4.4.0 suffers from a remote SQL injection vulnerability.
0fd178b31648f3260452ba672ccfd7a94ebc42604baf12da7d46688879a39c6b
Joomla WordPress Blog plugin version 4.8.0 suffers from a remote SQL injection vulnerability.
f23d0cf4071ad835fc57ff9482cc094ed174de476687030b773d1f1d64132f26
Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.
49477a24bf923b15d7a1fa08ddc92a230dc8d16473c7b84812942e3253b3e04e
Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.
ff3ed0f4f6b454abdcb15666e6a1492409e1946ba2cf91ede9b57a8366956184
Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.
7e0f599e2a5ac00ba05dcfd0954c7ad84f620009dbd2dc1879f788236ebf35e1
Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffer from database disclosure and remote SQL injection vulnerabilities.
67a774b08d7de877c935eac6bfa362b3adaa01b872550253e50478960fa34e27
Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.
f1ddc09174aefaf7e7e70d98ddd545b17e5a8103c4059ebb61ae539c02af0ebc
Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.
666573b06f3b684ec2602cb6e3a8267107b0d14b8d72d5580802d755724fd52a
Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.
5ee466b9276f596647b1cb303df250caa5a3b0c0b515c80a0250a2e313c4457f
Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.
e87de497e1bf652b6ade3c24668df4261df02eb3e949f4b1f9f1eb1d4eb165e6
Debian Linux Security Advisory 4389-1 - Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom-made malicious USB device masquerading as a security key, and physical access to a computer running PAM U2F or an application with libu2f-host integrated, to potentially execute arbitrary code on that computer.
e958c3e439087b235f321d5e3fda54438a4a239199a038e5a4b8cfcb3ef24ec8
This Metasploit module can run commands on the system using Jenkins users who have JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to create and build jobs by default. Therefore, all users without console authority can run commands on the system with root privileges.
8ea53be5af0483c2c3d30fcac65026e3a286197d419ceee4de6b5bf2f1cabbcc
This Metasploit module generates a download and execute PowerShell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to "Enable Content." Once this is pressed, the payload will execute.
7a0ea0738d43606ec6870e46a4249dfcb5578f826120fe39781d750879c33d98
Webiness Inventory version 2.3 suffers from a remote SQL injection vulnerability.
7938902c9f301faa0f8de8e0dcb408f4f33880e0a27f737835c8243f972462d6
MyBB Bans List version 1.0 suffers from a cross site scripting vulnerability.
95a8b1f2cfa7e437a276bbabdb00d7498620ef5483e38eeeb1eeecad3491dba5