This Microsoft advisory notification includes advisories released or updated on July 26, 2018.
35a049ea6e21911bf22ccf3333cf87a197c717531e4d3d0322045c4ebff9954b
This Metasploit module exploits an arbitrary file upload vulnerability in Responsive Thumbnail Slider Plugin v1.0 for WordPress post authentication.
8ee01269b9ed74a3a7ab070775e8793353cb3fbec90f61759ae14ae92e25bdfa
Debian Linux Security Advisory 4256-1 - Several vulnerabilities have been discovered in the chromium web browser.
b37c2f37b7d2cc256391b4cbdfc0701d5bdb60add7642c0eba9fa126b255b5cc
This Microsoft bulletin summary holds a CVE update for CVE-2018-8202.
d711a2912b947865bc4e6a6c596bb87a47a588684e75b6c65b74d11197146979
Symfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.
baa4cb71d8a7e687f3f227e5d3b231e472d19e18576f68e684b2fa07658110b1
QNap QVR Client version 5.1.1.30070 Password denial of service proof of concept exploit.
344266a6610d9fb0b8af67ee0364c8582222e5c2c5b279a1ff7c99858b7373b3
NetScanTools Basic Edition version 2.5 Hostname denial of service proof of concept exploit.
792e6842f6cc2cb1b7aa4155d87d7e9828717fae9e9df0341583619885054295
Online Trade version 1 suffers from an information leakage vulnerability.
a91f5b0e4cfa752730c67a58f8a10dcd191b2f0472451320697abfd0f4be2e53
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
4cf5f05dae8f184bfb038300d37032c108f0fb932ebd4282e6797a15946a0d23
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
1d28957e10932b98295c0ef284cd9bb45ce286f9a62fc41a6bfeb51910c4c914
SoftNAS Cloud versions prior to 4.0.3 suffer from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
WordPress Gwolle Guestbook plugin version 2.5.3 suffers from a cross site scripting vulnerability.
0102adc89a526756f71376d8ca8b12e0af203e535a067eed6ad082c80015d2a0
WordPress Strong Testimonials plugin version 2.31.4 suffers from a cross site scripting vulnerability.
29e3e61c5bb4cc522ae61f3fdbf89e035d73bfa6c4c7ed5ee78b79874121d335
Super CMS Blog Pro PHP Script version 1.0 suffers from shell upload and remote SQL injection vulnerabilities.
1426e8a1d4ce750b316b81e96cba271080be1dc72b6b5272f6b2e0a9e01bbbf9
FTPShell Client version 5.22 suffers from a remote buffer overflow vulnerability.
93f19384fadcce430aec104a42aacbbffaeb61937eec9731334566047aea5368
This Metasploit module exploits an authentication bypass in .srv functionality and a command injection in parhand to execute code as the root user.
c10f9b22f833b812b5b5320ea587dedf77fe8a60a4a58ddec5548a2ea5fb202d
Trivum Multiroom Setup Tool version 8.76 suffers from a cross site request forgery vulnerability.
089d519a68650f17e77aeb208817d089d6ad194b453eccac690b71c2ff37c3a1
There is a heap overflow in Skia when drawing paths with anti-aliasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. Proofs of concept included.
3f160181c8497dc4cf1f1145b96c07f641ce5f7ac700a9824ddcbbf59315795b
Core FTP version 2.0 XRMD denial of service proof of concept exploit.
66307a4890821f1325509963fa3a88fdd06110613682aa0ae6983a65634cc93f
This Microsoft bulletin summary holds CVE updates for CVE-2018-8308.
dea63ee770752757f3393bac9560688ed9ae6dbfb0eca27e531bdc642cfdcaa5
CleanMyMac3 suffers from a local privilege escalation vulnerability.
6744052aebb52d3e899c7d82463ec8086571011160b1cf1d11510bcdd6c0949f
WordPress Snazzy Maps plugin versions 1.1.3 and below suffer from a cross site scripting vulnerability.
69d9372e1f11eb13779812a45773c8c5799eb581c2d4f0a43fdac8c63bc11aac
Red Hat Security Advisory 2018-2251-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
cfab7a998bd27c1e4a1a0e65a6b7bd19bed1aba4d0504b8ee9a31d57643744bf
Red Hat Security Advisory 2018-2252-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Issues addressed include buffer overflow, cross site request forgery, and use-after-free vulnerabilities.
710bbfbe7f1c6bbad567e4d6df96227243d295254c8df4498a8b7b3a8cd14173
Red Hat Security Advisory 2018-2255-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 191. Issues addressed include an insufficient validation vulnerability.
7f56d6d295c0b9904a9d164fe4d5c455c5008ad4d1e65d4ab50bb02cf2ac133d