An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.
843062931f3d85ff42aac061fbc4007b19a65b2deb3e53ce1c161532a0586172
An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.
03dc48edf642f79b31afeae22c3d7656aa0c1b7af7fa4437850772c1cd927437
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.
af5b23fa20f418a3ae4846c607a1b417e1e10c46d2de2f3be018020bcadeb4d2
Pycat is a simple Windows reverse TCP backdoor akin to a netcat TCP reverse connection clone. Written in Python.
87c525e44512dcd47cc0d652b9ad377f81a2997c6ac650b9f0346ac0b7e1c508
Apache Pluto versions 3.0.0 and 3.0.1 suffer from a persistent cross site scripting vulnerability.
bc0a3e0163f2496ba695cd031c4936411fb61ecb6d3dd26b359fcdc291d07788
GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.
29b659482027b40950b1a55c4531b6749375a0bdfd8e2c1ecbc694deaca21696
NSauditor version 3.1.2.0 Name denial of service proof of concept exploit.
b45728985b980ab332a9c0066bf7ba8f9e7789f8d7efa96c6d4d13b4c4ca0152
NSauditor version 3.1.2.0 Community denial of service proof of concept exploit.
4a1ef16e2621b86e79559a9f688df31ba3a101c21e9fc34cd25db04ca9b4052a
This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there are not many services yet that use DynamicUser, and the requirement of collaboration with another process limits the circumstances in which it would be useful to an attacker further; but in a system that makes heavy use of DynamicUser, it would probably have impact.
064bbdd76f48df03346ba02e71f7b8230c92792ac615692d64f9d04ec97b425c
Lavavo CD Ripper version 4.20 license activation name SEH buffer overflow exploit.
3983b9f05d055c78f6849eb93d3fb1883efee5a082c670dbddbea041819ff59e
osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.
a3a0c940e3990234b185e1da84523131a41176574735f7fdcd88b7bd105ca85a
Ubuntu Security Notice 3956-1 - It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.
3d24ed0e149890bba90071f8a75a8241b8ac0de8924929c8af98c07861a6b0c0
Ubuntu Security Notice 3955-1 - It was discovered that tcpflow incorrectly handled certain malformed network packets. A remote attacker could send these packets to a target system, causing tcpflow to crash or possibly disclose sensitive information.
6cf5a53ec29be9040d1801329f4f20f949f71d9d030b7c6df3a273f9ac45bd7c
Ubuntu Security Notice 3922-3 - USN-3922-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
803a4bbada6ca25b99730a60e87bb2e4bd4ffb9f3b9c099cee7b2e025aff543b
Red Hat Security Advisory 2019-0886-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6 and 7.
51ee6ce89ffa1483a5ec9d03a365dbe195147c06ea7b02816c74f69960f40146
Gentoo Linux Security Advisory 201904-25 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.0-r4 are affected.
b8ef2d5b31853634154b8d8df5f413eb259a7fcf09e7c186b608a5ad6e3aad61
Gentoo Linux Security Advisory 201904-24 - Multiple vulnerabilities have been found in Ming, the worst of which could result in a Denial of Service condition. Versions less than 0.20181112 are affected.
89fc4c461140c0c378a047021c889a873387afdd57d749af13dc04ddb3fedb14
JioFi 4G M2S version 1.0.2 suffers from a denial of service vulnerability.
bfb318c7283d8c93cf9ad2a4ebed7e3340ee93cda24996f05d110932ada60d32
JioFi 4G M2S version 1.0.2 suffers from cross site scripting and html injection vulnerabilities.
a76563a625e94df0efd3181bfd88a48c5d42ad331df04f77b53be95efc39a591
Backup Key Recovery version 2.2.4 denial of service proof of concept exploit.
fda5aaec9e849b7ef551fa6227f43b87a963b19943f7a75d681f96e9b8db2be9
HeidiSQL Portable version 10.1.0.5464 denial of service proof of concept exploit.
fde7b9d442a468d221f6586a17c488a893198703baa9d9cfc49c3e636abd98f0
AnMing MP3 CD Burner version 2.0 denial of service proof of concept exploit.
78466ee8b720a5ba53c6f0f8d1341df659ae685fbd0dc8043428a21c726da7c8
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
6118f08b88c0075f39820296f0d76889165dd67e64dbfdfd1104d6d122a938c9
Chrome suffers from an integer overflow vulnerability in NewFixedDoubleArray.
fee96039860fbbb8b9bf0114df077f357a98c9c049396724d0575314295ee4e5
Red Hat Security Advisory 2019-0877-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.4.0 serves as a replacement for RHOAR Thorntail 2.2.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
5a770a9e44f952c4dbd8ebcd0a5a7da0c0737d9f710ca712c6c037e86137438f