WordPress Firma Rehberi theme version 4.9.9 suffers from remote shell upload and remote SQL injection vulnerabilities.
c8c59e4a02f5403a340feabc1a089f4884ae51077e5c20ac3c4a8b5295873a49
ZeusCart version 4.0 suffers from a cross site request forgery vulnerability.
62ccf2210eb7dc657459af9201570ab62754284d94a82f3efa750f369e3f08ab
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed.
7858808a9580d86e2e50d68ec558fefa12e52e066ec9cec0e4eb1dad8f3869c8
Microsoft Edge version 42.17134.1.0 Tree::ANode::DocumentLayout denial of service proof of concept exploit.
9acf1553b18b56a1c543ae6156a84a5ed7e2d14342a8efb0fc0ebc7ee7a97b07
D-Link DIR-140L and DIR-640L suffer from an administrative credential disclosure vulnerability.
b26f91b5126499f96db63c1c08d745374df36ca7f8060dafe4f83f20296f194a
D-Link DSL-2770L, DIR-140L, DIR-640L, DWR-116, DWR-512, DWR-555, and DWR-921 all suffer from an administrative credential disclosure vulnerability.
dca2d69a069947657f9ad127114026dad24b6dd36bcc4f4533a96dee6c8cba95
D-Link DSL-2770L suffers from an administrative credential disclosure vulnerability.
cdee0b9e1b44d1de12c9b9fb9646ccaf5944e86d2cdee4427ae81b503463a86c
AnyBurn version 4.3 SEH local buffer overflow exploit.
721307441b009d986459a18b09c46385f0dc2a9ebc573853323b5b40f2bff89c
Angry IP Scanner version 3.5.3 denial of service proof of concept exploit.
5587d6c9d57d450f108f5e6bff493676614f9713bb9010fa97a5ce6f1f245236
Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a cross site scripting vulnerability in the Alarms section.
86d14a418d1c96a1de4aea21241185938cae7766df1b79f5ba59466c6647d576
Zoho ManageEngine OpManager versions 12.3 before build 123239 suffers from a remote SQL injection vulnerability in the Alarms section.
df3b4cca1a33cee2c1b1466213ad18fa0d9f4707c689196c5a9641e212dd2ad0
Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6a
Exiftool version 8.3.2.0 suffers from a dll hijacking vulnerability.
9125ebd05baf3cba08b78407ca03eb09d7ec9f270114ad2d4353f2644f25aa65
LibTIFF version 4.0.8 suffers from multiple memory leak vulnerabilities.
99b39c7e3e305f25232c535712f3fc0ca2051fdcf102d69777eda04623c5b380
Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability.
51cc419b02f4835a42ebe3c7b66a61c51ecb13389b696f0f310e6231976a1021
PCRE version 8.41 suffers from a buffer overflow in the match() function.
3f1207d02f6c9c3867b95b89f18c07e29db058dcc1a59efdfff8b4e9cda80af0
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
700437ed6661ab9c7c3b03c3817839bda5dd3b2001180f4f2f725eab779578a4
Proof of concept zero day exploit that demonstrates being able to read any file on Microsoft Windows.
0d21dea6b52ca43506fffddb7e706515d706e0ea959580f677916db5f3af774c
Ubuntu Security Notice 3849-1 - It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8af550c56d88e940bd49fc37b8e96986f53f118dc0a33f1ef43ae042d260ae9f
Ubuntu Security Notice 3849-2 - USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
bdd2087e5d8c2e6ea3ea9fbd008a48c85005b8014c5200920d37f2ee93426078
Ubuntu Security Notice 3847-3 - USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
88ddcb277ba792306a56a051e1a6ea3b2df9a11ba6f4d4f0bb790bd6664c4b64
Ubuntu Security Notice 3848-2 - USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0e01790258c142284e2a185f6b24d6e1b1322200ec802bdf3976255b1f7553f0
Ubuntu Security Notice 3848-1 - It was discovered that a double free existed in the AMD GPIO driver in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. Kanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ef32f46b101a860f44706fee0448815aa83426a298a340332abb7bab4d753836
XMPlay version 3.8.3 local stack overflow exploit that results in code execution.
6c199b638d8b42e86e1564b607a46e827485c7e7a005efbbe2ff1a41c6db514b