The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) is vulnerable to a local elevation of privilege attack due to the way it checks the impersonation token, which allows a user to inspect and potentially manipulate other users' mounted encrypted volumes on the same machine.
b9912959dea9864927e9d66a4186b8a6617c45745645d5b82d3eaab9bff7b6aa
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
95f2345e041e9ba838ad8065b68ce0ec4b0971d7afc72d601489236bbfc0c652
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
7fd553ee39173e807477ed1daff6ee2f8b1c83875cd2e52a1df3315bf0015513
Distro Checker is a tool written for doing cross distribution exploit testing.
022a90231764ed9b0e48572c61d2794b93fa205b0a56e7db376cd45c213afd39
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
ec2e393341678fc93eb61c1bbf9cdc6a0b41885d9bbd93b0417173fe657a7509
PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.
2d3631f3cae71c6c00737d58613810035ce43dc14bb280fe68f78f41a9cf3de0
LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.
2e17ea86e3b7e6207891ab7629ef137a4bc24466fafb4299bf5316035b1c6609
WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.
89fef2eb1e9eb1f0402391f86cf88a6187cef6759d3a1f9cfc03b88f6af502f4
WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.
2ceebaff32ed86949d742881d73497aeba9a509039ce1ebe306fea28e73f3d99
WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.
77dc179cb529b870639eb019931596493779f2f1e32d9bd99a03db17385a4abc
Ubuntu Security Notice 2753-3 - USN-2753-1 fixed a vulnerability in LXC. The update caused a regression that prevented some containers from starting. This regression only affected containers that had a path that contained a '/./' directory specified as a bind mount target in their configuration file. This update fixes the problem. Roman Fiedler discovered a directory traversal flaw in lxc-start. A local attacker with access to an LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container. Various other issues were also addressed.
26cfe085202e157543b578b53dca21709f264378e7890dda1284be96782f45a5
Ubuntu Security Notice 2765-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
a12bd71a124e85e19f3a788a1278f193e178fe0de50b7d32497e92e8abeb282c
Ubuntu Security Notice 2764-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
84a1b1a86737830a22b5fbcfdec9a5049d08aa63490d2fee1fbb64f43b8f8e13
Ubuntu Security Notice 2763-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
17ffac8653fbca12a326ebe188931aa55a7af3f3908f2c68ec9bdf4b050405a8
Ubuntu Security Notice 2762-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
557d0378bcacaae31e66c9113d740c1cdcdd9aa403663541c724caadcc60c003
Ubuntu Security Notice 2761-1 - Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service (system crash).
a921843058fb9a0df6031304ccdc763cd2c1f7532bf2b29ed722f2386692514c
WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.
2007df90ba493db7564966a60dc98a55c84ad721b9f2fc60ceb9f46ac334c43e
Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.
e137181199945439684e4ea7bf1d423e31ddc64173fd464c512550a84430d277
SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.
8bf06e8406bad27f08f2a97b4717d95fd3058836c68b4f936b0f9829a5665589
ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.
f8c2df4202c241dffb8fdf7f5b2b23f85c16dc7b6036aaef2466f7f1c632fa98
Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient, which allows a local application to elevate to local system through the CMainThread::launchDownloader command.
d8d8aba2be2bbe07e77874ac6db9c506cab1e1e1d4012296e7b37ab6841902a0
ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.
2a0797ba5acfc3ee0289de8d4ef17774c784e1c02fafa0180d9adb61c382dae0
Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities.
af4316b3fe76f674686548d0a61b7526220457c2d325ea722aa52b51a1102270
WordPress U-Design theme versions 2.3.0 through 2.7.9 suffer from a cross site scripting vulnerability.
a5fc153165fd8d5c3958ae8834b300fae1a0c7d6555f1e09c398f2b74c1082ae
This is a small Python script that will enumerate through a list of targets and test their user agent for the Shellshock vulnerability.
394a7921e89370c9d46b7105136fa1e127f06fefe2c6d6a4c8bb66f41b592170