Go SSH server version 0.0.2 suffers from a denial of service vulnerability.
d545184609b7cd6caf620c82784b7d1eb9fee03472e34f406779dd8239707e78
195-byte null-free Windows/x86 WinExec Calc.exe shellcode.
fee44adfb0bfdb2c7192391912bf356c70e5e8f50319f258fd2597def6aa0826
AMSS++ version 4.7 appears to have a backdoor account in it.
cd7060966dd1a6806bd719fd19b605a579e40923eba983841f524eaeffa6b74c
Aptina AR0130 960P 1.3MP Indoor Outdoor AHD Vandalproof Camera remote configuration disclosure exploit.
2ef325a6923d8e5d17e5f09adc7f76675316379324c359f02d3fa9c0830f51c8
SecuSTATION SC-831 HD Camera remote configuration disclosure exploit.
4683b9b52be366e07dd763dfdd1690ff666f7f3f0dcbbe97afeb5b93afd6341d
ESCAM QD-900 WIFI HD Camera remote configuration disclosure exploit.
4baed4aa376fe687a544860e2f80bb9b555d6c45d9d410c64a42fbe2dec40918
Amovision AM-Q6320-WIFI HD Camera remote configuration disclosure exploit.
282ef1fe573f05152fb5163f3e9e9233adfc9cae3b7fccb52ef42d569439c377
This Metasploit module exploits a command injection in OpenNetAdmin between versions 8.5.14 and 18.1.1.
2b228bdd522a3322b945c5bb606015c9a7078570c659b03b557125d2bb27bf4a
Open-Xchange App Suite and Documents versions 7.10.2 and below suffer from multiple server-side request forgery vulnerabilities.
9e95ed9b8b18b7aa67aa539e677d18a46c58d0f74c70f908ef7a336569ff51e9
D-Link DGS-1250 suffers from a header injection vulnerability that can be leveraged through cross site scripting.
7d7d9f8705c8fb7f26571e187596182c238f6573faea1c552faf5d97d4edd1f2
The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO archive. This leads to the Endpoint ignoring the container and the Gateways letting this file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV Engine versions below 8.3.54.138 are affected.
e3a1a68dae3a544a78b4225ef81e20a998dd5f42a98b27d7f851c97568992124
Online Birth Certificate System version 1.0 suffers from a persistent cross site scripting vulnerability.
6de37794ee2094b035dabe76e6eb8a2f304b42854e39e641aa1c76aecbdde857
AMSS++ version 4.31 suffers from a remote SQL injection vulnerability.
0aa8404c8f64edcaa6766be112a26476dc872f2cf9dd5a373508bb009631fc25
Whitepaper called WordPress Security. Written in Turkish.
e49b4b89327b25ec6a9f68b3a1e5349d5d266d462409d6037057a44f027bcec3
Slackware Security Advisory - New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
d52855cebc6ff08d438a73cb1c48b08a8612def8eac07cb321c840d6a7b98cb7
Red Hat Security Advisory 2020-0565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Memory safety issues and various other vulnerabilities have been addressed.
3ab5bdb88120ae5e4fd89544676111763fc17ab8b4c152f64e39e5f2995c8764
Red Hat Security Advisory 2020-0566-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.
a6d88cc99ed249a84cbbe204dc2e7e5f93c6c712ee75e13dc48343b7d2153e3d
Red Hat Security Advisory 2020-0564-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
666ecdb2f28f993bc3f9d569555f489bcb6f7c49fb7116e800eeed1b773320f5
Ubuntu Security Notice 4289-1 - Jeriko One discovered that Squid incorrectly handled memory when connected to an FTP server. A remote attacker could possibly use this issue to obtain sensitive information from Squid memory. Regis Leroy discovered that Squid incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to access server resources prohibited by earlier security filters. Guido Vranken discovered that Squid incorrectly handled certain buffer operations when acting as a reverse proxy. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1313e86585d39f29af765e7595c60e6ae63b933823da6dd69399de2b01187107
This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.
38aec6cad30d28bc144df66f4ad6d698b59a52c8a529a3cc66391e571ee852c6
This Metasploit module uses the Diamorphine rootkit's privesc feature, which relies on signal 64, to elevate the privileges of arbitrary processes to UID 0 (root). This module has been tested successfully with Diamorphine from master branch (2019-10-04) on Linux Mint 19 kernel 4.15.0-20-generic (x64).
c0a67e3b35ae7095f282504032573f7c6d8515a68217980e613c044ea3d6edbe
Red Hat Security Advisory 2020-0556-01 - This release of Open Liberty 20.0.0.2 serves as a replacement for Open Liberty 20.0.0.1 and includes security fixes, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.
d3cd1416354865f437f30268882b9c17d2e392f2b62cf277834f83750c1d3cd9
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
12011eb0e4798ce4039defc10498c4ae9af7f4edf7731e9d32f4d8ae678cda66
Ubuntu Security Notice 4288-1 - It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code.
eb07457d63a9c9ab5e89ea43cf02a775350f7f4106be07bf3ab89630abce1e73
OpenEXR suffers from multiple memory safety issues including out-of-bounds access.
d7f7bcfc376186e510d108af1edd8e502ddcaa95444256cedbc8fa3a1e31276e