School ERP Ultimate version 2018 suffers from an arbitrary file download vulnerability.
d3378cbdf6bc9b661f042cd45fa13e4b05c606e5d8bd44c24325254104a96a2b
MySQL Edit Table version 1.0 suffers from a remote SQL injection vulnerability.
8a3456c75957395a22a2a8ae80d668ad8b82507421bd39c72b28a4451650a93e
Modbus Poll version 7.2.2 suffers from a denial of service vulnerability.
9ad84d566a67041600a87c7ba57361924f3dde7551b9296f72542cc385cef813
Audacity version 2.3 suffers from a denial of service vulnerability.
c5901bb84c7c732496da846f99d21f5b3385bcd92fd834772a289f2684bd986b
This exploit permits an attacker to bypass UAC by hijacking a registry key during execution of computerSecurity.exe (an auto-elevating Windows binary).
21b288f1176d274ff81831600b08bc360a27850b835d8b11afeb4c8176e4c76b
This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This Metasploit module is tested against Windows 7 x86, Windows 7 x64 and Windows Server 2008 R2 Standard x64.
79eca834aca76d7c9dcfa923affa9994710ca886d5626b9d0a2674dfb96f1d76
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad
This Microsoft bulletin summary lists a new CVE that has been added to the October advisory.
29a8949cb9ba72f136a4c3d52c21fbc74b121f4f5701451e5310ff34caa73a37
Viprinet VPN Hub Router suffers from a persistent cross site scripting vulnerability.
52bc57a1b9cf99352f7f193f1e7f5d546ad57fca447fffb65f78855a2d95b210
WiFiRanger version 7.0.8rc3 suffers from an incorrect access control vulnerability that allows FTP retrieval of an RSA identity that an attacker can use to SSH in as root.
0dac8dc00687d4ade56ce5c6d6ea523fcc5dd99ea0a15c17eee3efc370c56302
CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an attacker can gain sensitive information. CA published solutions to address the vulnerability. The vulnerability occurs due to how CA Identity Governance responds to login requests. An attacker may exploit the vulnerability to enumerate account names. Affected products include CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 and CA Identity Governance 12.6, 14.0, 14.1, and 14.2.
77fb382be97c445901464a21707cba72f39427d270744ebfe38f59cd2119ab24
libSSH suffers from an authentication bypass vulnerability.
6bcffb74a9c2f6e6896ef61d538f794814156c05eda4456a642ba4d74d440fe2
Zoho ManageEngine OpManager version 12.3 suffers from an arbitrary file upload vulnerability.
b33e29926189ccf274c11a2f500355455426ce1a4b36d07449efbf681fa210ab
The Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.
4d6791432618061cb975059371e237f9a46d82d2bec01d12172ccd55d321b85d
iOS and macOS suffer from a sandbox escape due to a trusted length field in shared memory used by the HID event subsystem.
9f92e17a4bc90ee3be401ed5757d7b0662a8fcc83025305c4d6a1dcfb6c4d537
iOS suffers from a kernel stack memory disclosure due to a failure to check the copyin return value.
60108b89486cb359363b2d03bb42b7169fee6f244ce5cebe800da43c4e47b46b
iOS and macOS suffer from a sandbox escape vulnerability due to a failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.
ff9f40b9c0d00a8ee0be928d095a2be9b2f36e3eb4f05ff0773213385268c2ab
iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.
5091c4468fab2e2a1470f04489a28ba0db8e5cf1a82d942ae755cb6a186288b4
iOS and macOS suffer from a kernel memory corruption vulnerability due to an integer overflow in IOHIDResourceQueue::enqueueReport.
0dbe4b20474f95c05693ec94926bd5cf5da65a1cbf559520b14b1deda15e2456
iOS and macOS suffer from a sandbox escape vulnerability due to a Mach message being sent from shared memory.
a3d215b3dcbb576bdd541af3b90d6ce149694fdd4b79be4354ec9f8a117ca103
The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.
aa2e893e44b3383afac1e9706aeb1eb72350ea667bfc363aae18388d5c8a4888
Red Hat Security Advisory 2018-2949-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
f241453ffa163d40dd81258a5862a82222959a75a2cbbe5df63dc0fa6673d22d
Red Hat Security Advisory 2018-2946-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section. Issues addressed include an API validation flaw and a problem where the WebSocket HTTP upgrade implementation holds the entire HTTP request in memory before the handshake.
e29c6150ae8d0030a070aada9327816802a5882ebb9954d037d9af034d62e61c
Red Hat Security Advisory 2018-2944-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an out-of-bounds write vulnerability.
fbd71887a969f803ba77744adb4f3767ff5ac3ced19975e9e474b78bfdce39c6
Red Hat Security Advisory 2018-2945-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Spring Boot 1.5.16 serves as a replacement for RHOAR Spring Boot 1.5.15, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Issues addressed include a denial of service vulnerability.
ddfaf8bb4cf6423bb14ed2a6d7fa6bb022af219eab477c44382342e63413890f