RaspAP version 2.6.6 authenticated remote code execution exploit.
c37e2b413f40c9b270924668278428a786e4954e99bdea5bb1e2a5f9ec9366d0
Simple Phone Book/Directory version 1.0 suffers from a remote SQL injection vulnerability.
f8c5131e6707085f362db23792418f4331f124563c7d7ff5b3f5fc0a77941faa
Whitepaper discussing JavaScript static analysis. Written in Arabic.
0c4b9e81a57d57072c3bbf3c49892a9de6b7ea347238264d3d6ce9e7068c1996
This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution. By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 CU23 versions before 15.0.1497.15, Exchange 2016 CU19 versions before 15.1.2176.12, Exchange 2016 CU20 versions before 15.1.2242.5, Exchange 2019 CU8 versions before 15.2.792.13, and Exchange 2019 CU9 versions before 15.2.858.9.
b555cd3b9862ec567195ff3003e6dc453483630a7c663ee17d582778c11dbf59
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
7ca34b8bb24ae9e50f33792b7091b3841d7e1b440ff57bc9fabddf01e2ed1e24
Online Traffic Offense Management System version 1.0 suffers from a remote SQL injection vulnerability.
f9ccba82b5fdd1c9551054d088cf435b9bc6b76ee2e32391e649fd8187bbf7d4
NetModule Router Software versions prior to 4.3.0.113, 4.4.0.111, and 4.5.0.105 suffer from insecure password handling and session fixation vulnerabilities.
55c2cd76e6eb849928d497ed398e7ef24c35c003556aab944b5829e79cdf8dc6
Laundry Booking Management System version 1.0 suffers from a remote SQL injection vulnerability.
0fa0ccd80f12ed76e46cdbfcbea69df5b713a5b2328737991110a18be7c9cb0a
Laundry Booking Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
6235f0245770ffeb2d12c3b8443b6185676520853eac459c2cb573980dc42ee0
Multiple Altus Sistemas de Automacao products such as the Nexto NX30xx Series, Nexto NX5xxx Series, Nexto Xpress XP3xx Series, and Hadron Xtorm HX3040 Series suffer from command injection, cross site request forgery, and hardcoded credential vulnerabilities.
04419f303d6024196a934d7a822a54ec4c5ef330f60bde124f5af5cb94703343
Red Hat Security Advisory 2021-3219-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7 and 8. Issues addressed include a denial of service vulnerability.
b14ada71b882c59a34d15d65dd0782ed8c2e52796a958fd6a7da92b5a819bbe1
Red Hat Security Advisory 2021-3217-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.
67b7596a1bd8bf639a16e032ab329a8f0e4a6abae3dc16bd847b4bb11a617542
WebKit suffers from a heap use-after-free vulnerability in Element::dispatchMouseEvent.
32ce340e9e7aafa598cb7a3f4f8b409cd814f55d9df9e771b2d4767d0216dbcb
Red Hat Security Advisory 2021-3218-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.
4e81e64fea87aebb93c58f8cd6af86ef298d2bf1ca9cf241bb14bc8b09fb8a7c
Red Hat Security Advisory 2021-3216-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a denial of service vulnerability.
2061d8512d69b0ee37f4e22bb328d97a07bcb620e3d1e1316ef3da1453eb47b4
Red Hat Security Advisory 2021-3125-01 - This release of Red Hat build of Eclipse Vert.x 4.1.2 includes security updates, bug fixes, and enhancements.
3db3fc49baf2ced427948242e08c45594f7977c078eecf61a591c969b0d0ba60
JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.
8dd2cde7c2edb66fc6061ca48debe795fc639981944e4354c301b47af6a7c4b1
WebKit suffers from a heap use-after-free vulnerability in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy.
3bbacfe61c3afe8fcb813221566bd0ea237ec718789ecbd4ffc4394dbe1d0f85
Charity Management System CMS version 1.0 suffers from code execution, cross site scripting, and remote SQL injection vulnerabilities.
10039f2160e3102db22bddd8e161c6b482b74136cf2f4a6ecd91d6cba5e0a00b
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
4af31b963bddcf331a7037ea35c40e4fbfd445f815d8756856219abad1f16c71
Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399
Simple Image Gallery version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
b65b3e6fecc3f9f54f070d6f79325e11c357276ad648cc23b89cc1de348c8b50
Ubuntu Security Notice 5045-1 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
bde5f3bf782e59c0ed151fd7c46c5d2258f7fcd96669a1026e3e26aff417fae1
Red Hat Security Advisory 2021-3207-01 - This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
45c967c8a201b1f39d4acd990e209ab0096988439ff4cec5216e3227f4f3dc4b
Crossfire Server version 1.0 SetUp() remote buffer overflow exploit.
5fd5d08654c96dce896141305b739eecc4b96a438ff4c8fe04bcea3f1d164cfc