Kanboard version 1.2.7 suffers from a cross site scripting vulnerability.
a58b7d6eeb41ea41e14a67f936e8739705bd08162e668835de7bf2b9bb704ad7
Deltek Maconomy version 2.2.5 suffers from a local file inclusion vulnerability.
f2cecf22cbc31eab8ed4e6c44b59435d507f9fbc96f52b16c9d342cea5cf19d5
MacOS X versions 10.14.5 and below suffer from a Gatekeeper bypass vulnerability.
76e6187e250514c50b8fb1fa0a230303592e3a59928db823711053d46ba942c4
Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.
d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfcec
WordPress LaneMotorSport Responsive theme version 1.8.4 suffers from an open redirection vulnerability.
c773b4e24405db76687a63141ffb6f0653b1cba095829d52d3c0fd1185ee6365
WordPress DingTalk theme version LTS 4.6 suffers from an open redirection vulnerability.
bf481cdcc9944c07aced376c1ce6a4c46118734173d70e92e2550de526dd1dfd
WordPress 4DMayi theme version 4.6 suffers from an open redirection vulnerability.
8dd99af5a442bbb034a90f82b493ced068c2831cb576af9f4e5eb9ef2e345243
WordPress lqcPlugin-regiePublicites plugin version 1.0 suffers from an open redirection vulnerability.
a6bfb5dcae481d5b431bcc539da8ac6b3f27df0f3281ba72a8b1c4bf2493f8ea
The Support team for CA Technologies, A Broadcom Company, is alerting customers to multiple potential risks with CA Risk Authentication and CA Strong Authentication. Multiple vulnerabilities exist that can allow a remote attacker to gain additional access in certain configurations or possibly gain sensitive information. CA published solutions to address the vulnerabilities and recommends that all affected customers implement these solutions immediately. The first vulnerability occurs due to insufficient verification of custom privileges. A malicious actor who has access to an account with customized and limited privileges may, in some cases, access resources and act outside of assigned privileges. This exposure does not affect installations where accounts do not have custom privileges. The second vulnerability may enable a malicious actor to conduct UI redress attacks to gain sensitive information in some cases. Affected products include CA Risk Authentication versions 9.0, 8.x, and 3.1 as well as CA Strong Authentication versions 9.0, 8.x, and 7.1.
ef42b4a17a8b60fc53d7e5c399e58653c06578f01ab6db7ea9f0569b72b8882d
Debian Linux Security Advisory 4451-1 - Thunderbird vulnerabilities may lead to the execution of arbitrary code or denial of service.
7c0997408a516b38bd2ff33efdab9ee1a2b6e4d2bfe479bcfc717d4f571b3aa2
Debian Linux Security Advisory 4450-1 - A vulnerability was found in the WPA protocol implementation in wpa_supplicant (station) and hostapd (access point).
b9708563769297f2f8615d14579d54d20eb6303fdc77c3ffcafdb8c17466dfb6
Cyberoam Transparent Authentication Suite version 2.1.2.5 Fully Qualified Domain Name and NetBIOS Name proof of concept denial of service exploits.
e85b1896f7ee0fbcaefed884392a6b1338e4242ffba88de09aef0f3dcadd07f2
This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default Oracle ships with an "oats" account that you could log in with, which grants you administrator access.
d2ce49b369029d9ba6fa03bf3c938f41ab106d33a06609e2f00de1eb12b975c8
Cyberoam SSLVPN Client version 1.3.1.30 Connect To Server and HTTP Proxy proof of concept denial of service exploits.
10fbba0972f675beabed4bc6c7b9fa2fc4019879caef30f05995225cb5176369
CMS Made Simple version 2.2.10 suffers from a persistent cross site scripting vulnerability.
ab2bb4ee4397e607d687ba9dbfeb8d2bbe0759bf552f9eef576d986e406dafb4
Debian Linux Security Advisory 4452-1 - Multiple security issues were found in jackson-databind, a Java library to parse JSON and other data formats, which could result in information disclosure or the execution of arbitrary code.
8095674dd1045dcb3b6e8830df6c5e14a3e757092613ec37d2e027cf70e3e072
Microsoft Internet Explorer Windows 10 1809 17763.316 scripting engine memory corruption exploit.
7d2015c3ac3c61fefec434f05b388f4ccd27c5327a0537ee0a13305ce2eda40c
Whitepaper called Web Application Firewall Bypass Methods. Written in Turkish.
de3d6eb771b386a81807a989fe41fcd824480b3c78ac572e1d065e0f3b1e087a
Cyberoam General Authentication Client version 2.1.2.7 denial of service proof of concept exploit.
009f670f54b88215db3581aa256585fd014a51127143104c3fc870131e73e062
Fast AVI MPEG Joiner version 1.2.0812 License Name proof of concept denial of service exploit.
18f81e70c998f3fe8d097c86b9a0adbccbf4384e7908865dc2aa79a8822b2531
Ubuntu Security Notice 3957-2 - USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
b0d0f2df5e341ab74394d08bdbd1096db37d3d0d16e4dbf587b5b663e8645b76
Microsoft Windows installer suffers from a race condition that can allow for privilege escalation.
e5943fac225d4d55b0fa4d7a1e4b21e8a597a5aa436c053cea39b3a02de897f9
Whitepaper called Penetration Testing Steps and Tools. Written in Turkish.
789ecc5a958af9486d5d831fa003b63f12d584366542b0127215d7a135d6af23
Pidgin version 2.13.0 denial of service proof of concept exploit.
dbed3b7cdf9c51d8959568e09d67a7eb7e08fd52ceb6d262662bccfb08103b9a
Red Hat Security Advisory 2019-1268-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include wrong permissions in systemd admin-sock due to a missing SocketMode parameter.
5e33374ee511a6177cb296ad8608ed8954c6b49e422a6eebd6589ddcc28816a0