Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.
90202023fa36c339da0206d4fe19c467
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
c9628996a930bd18ce8e635dbedf0362
Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.
0939a6e730c410be2d31a0edca0b654c
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.
732ba97c2b92f9c52f82438a5b2e62cb
DomainMod versions 4.13 and below suffer from a cross site scripting vulnerability.
abdd89fa42b1d5294293585a994a23d3
Sentrifugo version 3.2 suffers from a persistent cross site scripting vulnerability.
203f0c12e7ce8ea1526b805548d1d366
Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.
655fed3acb14010214d2abf09b493d71
Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability.
12c45ab214d78e4716fdb4da980abe18
VX Search Enterprise version 10.4.16 suffers from a User-Agent denial of service vulnerability.
70db1550245dfdf594fae85bd5db5166
WordPress WooCommerce Product Feed plugin versions 2.2.18 and below suffer from a cross site scripting vulnerability.
d285a91dd10aac06903b90b2aede7ce1
YouPHPTube version 7.4 suffers from a remote code execution vulnerability.
6741f9dc5203d6377ef0616a76b6be15
Easy MP3 Downloader version 4.7.8.8 suffers from a denial of service vulnerability.
b383979ed72321cd99f77daa5061fcc5
SQL Server Password Changer version 1.90 suffers from a denial of service vulnerability.
8bfa84099cfc8812f6a672ddb08f7cf5
Asus Precision TouchPad version 11.0.0.25 suffers from denial of service and privilege escalation via pool overflow vulnerabilities.
7c6e0afea20f92a97d7e821769e9a53e
This is a brief whitepaper on how to find savedata exploits on Sony PlayStation Vita (PS Vita).
5d95461465519fb5f8b887494aae187a
Ubuntu Security Notice 4113-1 - Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. Various other issues were also addressed.
599a920f74022391b3784ad5e42c2f5b
This Python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.
9592257d1332e2c7094af04e4b98bda7
WebKitGTK+ and WPE WebKit suffer from code execution, universal cross site scripting, and memory corruption vulnerabilities. Multiple versions are affected.
6a2dc454c23ad438ad79876d3a2b48db
QEMU suffers from a denial of service vulnerability.
78b5e64a07ffde1637ff6ddc052faf6f