ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.
081258bf82d0ffd88eeb2b6c53406776966e393e12f59c27c56af0870c182791
DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
a90aefae7da1aa551b84f0d928a33148efdd96e29752d17dd31962c49fe72368
Ubuntu Security Notice 2747-1 - Dario Weisser discovered that the NVIDIA graphics drivers incorrectly handled certain IOCTL writes. A local attacker could use this issue to possibly gain root privileges.
93ae91f31f2689b548949ab00e6bc3a4f6a00e3221eb6c715a036784028c2edf
Open Source Point of Sale version 2.3.1 suffers from a persistent cross site scripting vulnerability.
f1671bce7a9da376f8b83740a41aa9d21414efb032bfcb02310d72edd617c40b
Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.
b1ee0eb6e9437d18623734420a78d2cd726cde7dca6939be3c5774847879e5a4
Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.
369af63a236f59835ae9d5a84423f18106dbf1b5306ca3dd89941c5d6319d779
Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.
b09f9d0d9450a157ee3b553cca92aa462e2f7e2a6ee87d0b4a8ba6fbcc0e4298
Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because it contains default configuration for debugging enabled in the '/WEB-INF./web.xml' file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL which will produce a system exception with stack trace on the Jetty server. When this error occurs, the debug option generates a status page with all the information from the visitor, meaning that the attacker is able to see usernames, password hashes, e-mails and of course, Cookie sessions). Using the generated error, the attacker can easily perform session hijacking and take over the system using previously discovered vulnerabilities by just visiting the status page non-authenticated.
1fbd54960e1a8376a34addc2eda82c308365f46b97f014b96b16a22e077651c6
Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.
38d00e0cab4a748a1fcc3245087d28805312e778adcb96788a6049042e972de6
Mango Automation version 2.6.0 add administrator cross site request forgery exploit.
3452804cb607c2191e8133952e326e01991ce212c3686cc9fd10f03579695729
OrangeHRM versions 3.3.1 and below suffer from an unauthorized data manipulation vulnerability.
1f29e60d43418bbd4fba574abac4e07b014ed91d412c75eedb2deb6a5aa41d16
HP Security Bulletin HPSBHF03513 - Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVidia Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android based NVIDIA Tegra products. Revision 1 of this advisory.
ec26c4604b9de2314879b4fe75f99245c83a0fb1824494b34d2637127bf7aa05
My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.
291d895c909d0e7e884d9e3475bc4fd0693023383eef111c66707bcae766d782
Flowdock API suffers from a malicious script insertion vulnerability.
a3b7855c7e90fcf4c75103af35130d53982d9d62505e762c85e860f5faf3646d
NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.
d57f11bfe70287dfffacacdc169c4b777ffa00972b7da86b4dc99814bccfc23f
The encryption scheme used by Mikrotik's Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party to recover login credentials (username and password) as well as full decryption of the terminal session. Full write up and proof of concept tools are included in this archive.
d0d1affb518b37657fed9af631a57aa3813a11d020ea75cb33748ab31aba0ae0
Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'username' POST parameter in the 'login.htm' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session.
41ab244aefa7fced98821ec993549932a6899a590c057be0463567b385b9e724
Mango Automation version 2.6.0 suffers from a user enumeration weakness vulnerability.
537cc8a30faefec691fd5f8e0974b8ccb201b1d73876b4069c8f983045648729
ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.
ce634473f825d0f57046db4dc9958352e6697eedb52ff14a9efa1297a55a6652
Telegram version 3.2 suffers from a denial of service vulnerability.
90996d03212ed2c75f8fd0f227cfaaa7bd7b0fa0b0abb5f28d2eebcc8b3de810
This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.
6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aac
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
4a19214d7673f9c0eba2e4e5ac78152309464186d16df48944b8f5644faa802d
This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.
f3ce91f963a609ee2afb35c805a8185b216151f2f25fca139375b42759d02476
This Metasploit module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes.
7c6decaff907ef3b9b1bb529a51ba19b1033c58a2df89c836c3f0ff8739caa9f
X2Engine version 4.2 suffers from cross site request forgery vulnerabilities.
3ff64763cff039036ce49876b8feba0377dcadb9b0e71850c458529d2d4b3ba5