|
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation
|
|
2019-06-18
|
|
Linux/x86_64 - execve(/bin/sh) Shellcode (22 bytes)
|
|
2019-06-18
|
|
Sahi pro 8.x - Cross-Site Scripting
|
|
2019-06-18
|
|
Sahi pro 8.x - SQL Injection
|
|
2019-06-18
|
|
Sahi pro 7.x/8.x - Directory Traversal
|
|
2019-06-18
|
|
Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow
|
|
2019-06-17
|
|
Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow
|
|
2019-06-17
|
|
Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow
|
|
2019-06-17
|
|
Thunderbird ESR < 60.7.XXX - Type Confusion
|
|
2019-06-17
|
|
Spring Security OAuth - Open Redirector
|
|
2019-06-17
|
|
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
|
|
2019-06-17
|
|
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
|
|
2019-06-17
|
|
Netperf 2.6.0 - Stack-Based Buffer Overflow
|
|
2019-06-17
|
|
Exim 4.87 - 4.91 - Local Privilege Escalation
|
|
2019-06-17
|
|
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
|
|
2019-06-17
|
|
Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)
|
|
2019-06-17
|
|
CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities
|
|
2019-06-17
|
|
RedwoodHQ 2.5.5 - Authentication Bypass
|
|
2019-06-17
|
|
Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
|
|
2019-06-14
|
|
CentOS 7.6 - 'ptrace_scope' Privilege Escalation
|
|
2019-06-14
|
|
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
|
|
2019-06-13
|
|
Sitecore 8.x - Deserialization Remote Code Execution
|
|
2019-06-13
|
|
FusionPBX 4.4.3 - Remote Command Execution
|
|
2019-06-12
|
|
Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)
|
|
2019-06-11
|
|
Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting
|
|
2019-06-11
|
|
phpMyAdmin 4.8 - Cross-Site Request Forgery
|
|
2019-06-11
|
|
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
|
|
2019-06-11
|
|
ProShow 9.0.3797 - Local Privilege Escalation
|
|
2019-06-11
|
|
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)
|
|
2019-06-10
|
|
Ubuntu 18.04 - 'lxd' Privilege Escalation
|
|
2019-06-10
|
|
UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting
|
|
2019-06-10
|
|
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
|
|
2019-06-07
|
|
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
|
|
2019-06-07
|
|
Exim 4.87 < 4.91 - (Local / Remote) Command Execution
|
|
2019-06-07
|
|
Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution
|
|
2019-06-07
|
|
Nvidia GeForce Experience Web Helper - Command Injection
|
|
2019-06-07
|
|
Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion
|
|
2019-06-06
|
|
LibreNMS - addhost Command Injection (Metasploit)
|
|
2019-06-05
|
|
IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
|
|
2019-06-05
|
|
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
|
|
2019-06-05
|
|
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
|
|
2019-06-05
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting
|
|
2019-06-04
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting
|
|
2019-06-04
|
|
DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)
|
|
2019-06-04
|
|
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
|
|
2019-06-04
|
|
NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow
|
|
2019-06-04
|
|
IceWarp 10.4.4 - Local File Inclusion
|
|
2019-06-04
|
|
WordPress Plugin Form Maker 1.13.3 - SQL Injection
|
|
2019-06-03
|
|
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
|
|
2019-06-03
|
|
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
|
|
2019-06-03
|
|
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
|
|
2019-06-01
|
|
Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)
|
|
2019-05-30
|
|
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
|
|
2019-05-29
|
|
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
|
|
2019-05-29
|
|
Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
|
|
2019-05-29
|
|
Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script
|
|
2019-05-29
|
|
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)
|
|
2019-05-29
|
|
Free SMTP Server 2.5 - Denial of Service (PoC)
|
|
2019-05-29
|
|
pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting
|
|
2019-05-29
|
|
Phraseanet < 4.0.7 - Cross-Site Scripting
|
|
2019-05-28
|
|
Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass
|
|
2019-05-28
|
|
EquityPandit 1.0 - Password Disclosure
|
|
2019-05-28
|
|
Typora 0.9.9.24.6 - Directory Traversal
|
|
2019-05-27
|
|
Deltek Maconomy 2.2.5 - Local File Inclusion
|
|
2019-05-27
|
|
Pidgin 2.13.0 - Denial of Service (PoC)
|
|
2019-05-27
|
|
Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)
|
|
2019-05-24
|
|
Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
|
|
2019-05-24
|
|
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
|
|
2019-05-24
|
|
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
|
|
2019-05-24
|
|
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
|
|
2019-05-24
|
|
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
|
|
2019-05-24
|
|
Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
|
|
2019-05-24
|
|
Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow
|
|
2019-05-24
|
|
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC
|
|
2019-05-24
|
|
Microsoft Windows - 'Win32k' Local Privilege Escalation
|
|
2019-05-23
|
|
Microsoft Internet Explorer 11 - Sandbox Escape
|
|
2019-05-23
|
|
Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary DACL Write
|
|
2019-05-23
|
|
Microsoft Windows (x84/x64) - 'Error Reporting' Local Privilege Escalation
|
|
2019-05-23
|
|
Microsoft Windows 10 (17763.379) - Install DLL
|
|
2019-05-23
|
|
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
|
|
2019-05-23
|
|
Apple Mac OS X - Feedback Assistant Race Condition (Metasploit)
|
|
2019-05-23
|
|
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
|
|
2019-05-23
|
|
Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation
|
|
2019-05-23
|
|
Terminal Services Manager 3.2.1 - Denial of Service
|
|
2019-05-23
|
|
Nagios XI 5.6.1 - SQL injection
|
|
2019-05-23
|
|
NetAware 1.20 - 'Share Name' Denial of Service (PoC)
|
|
2019-05-23
|
|
NetAware 1.20 - 'Add Block' Denial of Service (PoC)
|
|
2019-05-23
|
|
Linux/x64 - Execve /bin/sh Shellcode (23 bytes)
|
|
2019-05-23
|
|
Microsoft Windows 7/2003/2008 RDP - Remote Code Execution
|
|
2019-05-22
|
|
Horde Webmail 5.2.22 - Multiple Vulnerabilities
|
|
2019-05-22
|
|
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
|
|
2019-05-22
|
|
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
|
|
2019-05-22
|
|
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
|
|
2019-05-22
|
|
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
|
|
2019-05-22
|
|
Carel pCOWeb < B1.2.1 - Credentials Disclosure
|
|
2019-05-22
|
|
Carel pCOWeb < B1.2.1 - Cross-Site Scripting
|
|
2019-05-22
|
|
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
|
|
2019-05-22
|
|
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
|
|
2019-05-22
|