Exploit - Úvod  2019  2018  2017  2016  2015  2014  2013  2012  2011  2010  2009  2008  2007  2006  2005  2004  2003  2002  2001  2000  ThreatsPress

Úvod  Remote   Web App  Local&Privilege Escalation  DoS & PoC  ShellCode  Exploit  Exploit prog.  Ex. Techniky  Exp. kit  Typy Exploitů  Exploit Articles 

 

12.11.2019

Bematech Printer MP-4200 - Denial of Service

Wondershare Application Framework Service - "WsAppService" Unquote Service Path

Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)

FlexAir Access Control 2.3.35 - Authentication Bypass

Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting

RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path

Optergy 2.3.0a - Remote Code Execution

Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)

Prima Access Control 2.3.35 - Arbitrary File Upload

Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting

Joomla 3.9.13 - 'Host' Header Injection

CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection

CBAS-Web 19.0.0 - Username Enumeration

CBAS-Web 19.0.0 - Information Disclosure

CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)

CBAS-Web 19.0.0 - Remote Code Execution

eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

eMerge50P 5000P 4.6.07 - Remote Code Execution

eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting

eMerge E3 1.00-06 - Arbitrary File Upload

Atlassian Confluence 6.15.1 - Directory Traversal

eMerge E3 1.00-06 - Cross-Site Request Forgery

eMerge E3 1.00-06 - Remote Code Execution

eMerge E3 1.00-06 - Privilege Escalation

Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path

eMerge E3 1.00-06 - Unauthenticated Directory Traversal

Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path

Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting

Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting

Prima FlexAir Access Control 2.3.38 - Remote Code Execution

Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting

11.11.2019

 

Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)

Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream

iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address

iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)

XML Notepad 2.8.0.4 - XML External Entity Injection

Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path

_GCafé 3.0 - 'gbClienService' Unquoted Service Path

8.11.2019

Nextcloud 17 - Cross-Site Request Forgery

rConfig - install Command Execution (Metasploit)

Android Janus - APK Signature Bypass (Metasploit)

Adive Framework 2.0.7 - Privilege Escalation

SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path

Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting

7.11.2019

Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path

6.11.2019

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path

Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path

5.11.2019

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

html5_snmp 1.11 - 'Router_ID' SQL Injection

html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting

FileOptimizer 14.00.2524 - Denial of Service (PoC)

rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection

Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path

thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting

Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path

thejshen Globitek CMS 1.4 - 'id' SQL Injection

4.11.2019

Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)

Apple macOS 10.15.1 - Denial of Service (PoC)

Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path

Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path

Aida64 6.10.5200 - Buffer Overflow (SEH)

1.11.2019

Nostromo - Directory Traversal Remote Command Execution (Metasploit)

Apache Solr 8.2.0 - Remote Code Execution

ownCloud 10.3.0 stable - Cross-Site Request Forgery

OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path

TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

31.10.2019

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)

Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning

30.10.2019

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

Citrix StoreFront Server 7.15 - XML External Entity Injection

Ajenti 2.1.31 - Remote Code Exection (Metasploit)

29.10.2019

Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass

Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution

Wordpress 5.2.4 - Cross-Origin Resource Sharing

Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path

rConfig 3.9.2 - Remote Code Execution

Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow

28.10.19

PHP-FPM + Nginx - Remote Code Execution

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

ChaosPro 2.0 - Buffer Overflow (SEH)

delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection

JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting

Part-DB 0.4 - Authentication Bypass

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery

25.10.19

ClonOs WEB UI 19.09 - Improper Access Control

24.10.19

Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)

AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection

AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control

Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection

23.10.19

Joomla! 3.4.6 - Remote Code Execution (Metasploit)

IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path

Rocket.Chat 2.1.0 - Cross-Site Scripting

22.10.19

Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)

21.10.19

Solaris 11.4 - xscreensaver Privilege Escalation

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)

Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution

winrar 5.80 - XML External Entity Injection

winrar 5.80 64bit - Denial of Service

17.10.19

 

WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Serive Path

Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path

BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path

ThinVNC 1.0b1 - Authentication Bypass

Restaurant Management System 1.0 - Remote Code Execution

Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting

Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting

Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting

ThinVNC 1.0b1 - Authentication Bypass

16.10.19

Whatsapp 2.19.216 - Remote Code Execution

CyberArk Password Vault 10.6 - Authentication Bypass

Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path

Solaris xscreensaver 11.4 - Privilege Escalation

LiteManager 4.5.0 - 'romservice' Unquoted Serive Path

X.Org X Server 1.20.4 - Local Stack Overflow

Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path

Accounts Accounting 7.02 - Persistent Cross-Site Scripting

Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path

15.10.19

Ajenti 2.1.31 - Remote Code Execution

Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting

ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service

SpotAuditor 5.3.1.0 - Denial of Service

Uplay 92.0.0.6280 - Local Privilege Escalation

11.10.19

WordPress Arforms 3.7.1 - Directory Traversal

Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting

National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation

10.10.19

Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File

Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File

Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

TP-Link TL-WR1043ND 2 - Authentication BypassASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (Metasploit, DEP Bypass)

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery

9.10.19

Zabbix 4.4 - Authentication Bypass

Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)

DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow (DEP Bypass)

XNU - Remote Double-Free via Data Race in IPComp Input Path

8.10.19

Zabbix 4.4 - Authentication Bypass

vBulletin 5.0 < 5.5.4 - 'updateAvatar' Remote Code Execution

7.10.19

freeFTP 1.0.8 - Remote Buffer Overflow

CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation

IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload

Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting

ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)

Zabbix 4.2 - Authentication Bypass

logrotten 3.15.1 - Privilege Escalation

Joomla 3.4.6 - 'configuration.php' Remote Code Execution

4.10.19

Android - Binder Driver Use-After-Free

PHP 7.0 < 7.3 - 'gc' Disable Functions Bypass

LabCollector 5.423 - SQL Injection

3.10.19

AnchorCMS < 0.12.3a - Information Disclosure

mintinstall 7.9.9 - Code Execution

2.10.19

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

Detrix EDMS 1.2.3.1505 - SQL Injection

1.10.19

DotNetNuke < 9.4.0 - Cross-Site Scripting

WebKit - Universal XSS Using Cached Pages

WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment

WebKit - Universal XSS in WebCore::command

WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads

30.9.2019

Cisco Small Business 220 Series - Multiple Vulnerabilities

TheSystem 1.0 - Command Injection

thesystem 1.0 - Cross-Site Scripting

GoAhead 2.5.0 - Host Header Injection

phpIPAM 1.4 - SQL Injection

vBulletin 5.x - Remote Command Execution (Metasploit)

27.9.2019

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting

thesystem App 1.0 - 'username' SQL Injection

thesystem App 1.0 - Persistent Cross-Site Scripting

thesystem App 1.0 - 'server_name' SQL Injection

Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)

InoERP 0.7.2 - Persistent Cross-Site Scripting

26.9.2019

citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection

inoERP 4.15 - 'download' SQL Injection

all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting

Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting

Chamillo LMS 1.11.8 - Arbitrary File Upload

25.9.2019

ABRT - sosreport Privilege Escalation (Metasploit)
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting
SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting

24.9.2019

Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds

Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service

Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection

File Sharing Wizard 1.5.0 - POST SEH Overflow

Easy File Sharing Web Server 7.2 - 'New User' Local SEH Overflow

DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

23.9.2019

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure

Gila CMS < 1.11.1 - Local File Inclusion

20.9.2019

LayerBB < 1.1.4 - Cross-Site Request Forgery

GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection

19.9.2019

macOS 18.7.0 Kernel - Local Privilege Escalation

Hospital-Management 1.26 - 'fname' SQL Injection

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution

16.9.2019

Inteno IOPSYS Gateway - Improper Access Restrictions

docPrint Pro 8.0 - SEH Buffer Overflow

Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload

AppXSvc - Privilege Escalation

15.9.2019

Ticket-Booking 1.4 - Authentication Bypass

College-Management-System 1.2 - Authentication Bypass

13.9.2019

LimeSurvey 3.17.13 - Cross-Site Scripting

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting

Folder Lock 7.7.9 - Denial of Service

12.9.2019

Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

11.9.2019

eWON Flexy - Authentication Bypass

AVCON6 systems management platform - OGNL Remote Command Execution

10.9.2019

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)

Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)

October CMS - Upload Protection Bypass Code Execution (Metasploit)

LibreNMS - Collectd Command Injection (Metasploit)

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting

WordPress Plugin Photo Gallery 1.5.34 - SQL Injection

9.9.2019

Wordpress 5.2.3 - Cross-Site Host Modification

Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection

Enigma NMS 65.0.0 - Cross-Site Request Forgery

Enigma NMS 65.0.0 - OS Command Injection

Enigma NMS 65.0.0 - SQL Injection

Online Appointment - SQL Injection

Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure

WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting

Dolibarr ERP-CRM 10.0.1 - SQL Injection

7.9.2019

FusionPBX 4.4.8 - Remote Code Execution

Inventory Webapp - 'itemquery' SQL injection

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution

4.9.2019

Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)

Cisco Data Center Network Manager - Unauthenticated Remote Code Execution (Metasploit)

Cisco UCS Director - default scpuser password (Metasploit)

ptrace - Sudo Token Privilege Escalation (Metasploit)

ktsuss 1.4 - suid Privilege Escalation (Metasploit)

FileThingie 2.5.7 - Arbitrary File Upload

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

3.9.2019

Alkacon OpenCMS 10.5.x - Cross-Site Scripting

IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection

ChaosPro 3.1 - SEH Buffer Overflow

ChaosPro 2.1 - SEH Buffer Overflow

ChaosPro 2.0 - SEH Buffer OverflowCisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection

Opencart 3.x - Cross-Site Scripting

31.8.2019

VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting

YouPHPTube 7.4 - Remote Code Execution

DomainMod 4.13 - Cross-Site Scripting

Sentrifugo 3.2 - Persistent Cross-Site Scripting

Sentrifugo 3.2 - File Upload Restriction Bypass

Asus Precision TouchPad 11.0.0.25 - Denial of Service

Canon PRINT 2.5.5 - Information Disclosure

Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service

SQL Server Password Changer 1.90 - Denial of Service

29.8.2019

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

PilusCart 1.4.1 - Local File Disclosure

Jobberbase 2.0 - 'subscribe' SQL Injection

28.8.2019

Outlook Password Recovery 2.10 - Denial of Service

SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection

Jobberbase 2.0 CMS - 'jobs-in' SQL Injection

27.8.2019

Tableau - XML External Entity

26.8.2019

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)

openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery

WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

LSoft ListServ < 16.5-2018a - Cross-Site Scripting

24.8.2019

Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal

22.8.2019

LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (metasploit)

21.8.2019

WordPress Plugin 2.2.1 - Cross-Site Request Forgery

19.8.2019

YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Webmin 1.920 - Remote Code Execution

Neo Billing 3.5 - Persistent Cross-Site Scripting

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

Kimai 2 - Persistent Cross-Site Scripting

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service

18.8.2019

Integria IMS 5.0.86 - Arbitrary File Upload

GetGo Download Manager 6.2.2.3300 - Denial of Service

Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion

EyesOfNetwork 5.1 - Authenticated Remote Command Execution

16.8.2019

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1

Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure

Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList

Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure

Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables

Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx

Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage

Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities

NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String

Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts

Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators

Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream

Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream

Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream

Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF

Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream

Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream

15.8.2019

Windows PowerShell - Unsanitized Filename Command Execution

Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion

WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery

D-Link DIR-600M - Authentication Bypass (Metasploit)

TortoiseSVN 1.12.1 - Remote Code Execution

Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

AZORult Botnet - SQL Injection

Agent Tesla Botnet - Arbitrary Code Execution

ABC2MTEX 1.6.1 - Command Line Stack Overflow

ManageEngine opManager 12.3.150 - Authenticated Code Execution

Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)

14.8.2019

 

Steam Windows Client - Local Privilege Escalation

WebKit - UXSS via XSLT and Nested Document Replacements

Linux - Use-After-Free Reads in show_numa_stats()

VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow

Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection

Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution

Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)

ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)

ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)

ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)

osTicket 1.12 - Persistent Cross-Site Scripting

osTicket 1.12 - Formula Injection

osTicket 1.12 - Persistent Cross-Site Scripting via File Upload

Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion

Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection

UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting

Cisco Adaptive Security Appliance - Path Traversal (Metasploit)

BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting

8.8.2019

Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection

Adive Framework 2.0.7 - Cross-Site Request Forgery

Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download

Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)

Aptana Jaxer 1.0.3.4547 - Local File inclusion

Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)

Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting

7.8.2019

Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability

WordPress Plugin JoomSport 3.3 - SQL Injection

5.8.2019

macOS iMessage - Heap Overflow when Deserializing

Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)

2.8.2019

Sar2HTML 3.2.1 - Remote Command Execution

Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection

1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting

1.8.2019

Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

WebIncorp ERP - SQL injection

Ultimate Loan Manager 2.0 - Cross-Site Scripting

31.7.2019

Oracle Hyperion Planning 11.1.2.3 - XML External Entity

Redis 4.x / 5.x - Unauthenticated Code Execution (Metasploit)

30.7.2019

iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects

iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1

iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References

macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles

macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming

Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming

29.7.2019

WP Database Backup < 5.2 - Remote Code Execution (Metasploit)

Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit)

GigToDo 1.3 - Cross-Site Scripting

WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting

WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery

26.7.2019

Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution

pdfresurrect 0.15 - Buffer Overflow

Moodle Filepicker 3.5.2 - Server Side Request Forgery

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

24.7.2019

Android 7-9 - Remote Code Execution

Apple iMessage - DigitalTouch tap Message Processing Out-of-Bounds Read

Trend Micro Deep Discovery Inspector IDS - Security Bypass

WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions

Cisco Wireless Controller 3.6.10E - Cross-Site Request Forgery

NoviSmart CMS - SQL injection

22.7.2019

Comtrend-AR-5310 - Restricted Shell Escape

BACnet Stack 0.8.6 - Denial of Service

Axway SecureTransport 5 - Unauthenticated XML Injection

19.7.2019

Web Ofisi Firma Rehberi 1 - 'il' SQL Injection

Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection

Web Ofisi Emlak 2 - 'ara' SQL Injection

Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection

Web Ofisi E-Ticaret 3 - 'a' SQL Injection

fuelCMS 1.4.1 - Remote Code Execution

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)

18.7.2019

Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation

WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting

17.7.2019

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME

Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting

WinMPG iPod Convert 3.0 - 'Register' Denial of Service

MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow

16.7.2019

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)

Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection

DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)

CentOS Control Web Panel 0.9.8.838 - User Enumeration

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation

CentOS Control Web Panel 0.9.8.836 - Authentication Bypass

R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)

15.7.2019

FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write

CISCO Small Business 200 / 300 / 500 Switches - Multiple Vulnerabilities

NETGEAR WiFi Router JWNR2010v5 / R6080 - Authentication Bypass

Streamripper 2.6 - 'Song Pattern' Buffer Overflow

14.7.2019

Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation

13.7.2019

Xymon 4.3.25 - useradm Command Execution (Metasploit)

Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData

Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution

Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting

Sahi Pro 8.0.0 - Remote Command Execution

MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting

Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting

12.7.2019

Sitecore 9.0 rev 171002 - Persistent Cross-Site Scripting

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow

11.7.2019

Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Empty ROS Strings

Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays

Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the "post" Table

Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling While Processing CFF Blend DICT Operator

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readStrings

Microsoft DirectWrite / AFDKO - Heap-Based Out-of-Bounds Read/Write in OpenType Font Handling Due to Unbounded iFD

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readFDSelect

Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray

Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW

Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar

Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Negative cubeStackDepth

Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling due to Out-of-Bounds cubeStackDepth

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access

Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts

10.7.2019

Firefox 67.0.4 - Denial of Service

Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Buffer Overflow (2)

8.7.2019

WordPress Plugin Like Button 1.6.0 - Authentication Bypass

Karenderia Multiple Restaurant System 5.3 - SQL Injection

5.7.2019

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion

3.7.2019

Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)

Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)

Symantec DLP 15.5 MP1 - Cross-Site Scripting

2.7.2019

Mac OS X TimeMachine - 'tmdiagnose' Command Injection Privilege Escalation (Metasploit)

Centreon 19.04 - Remote Code Execution

1.7.2019

FaceSentry Access Control System 6.4.8 - Remote SSH Root

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery

FaceSentry Access Control System 6.4.8 - Remote Command Injection

CyberPanel 1.8.4 - Cross-Site Request Forgery

Sahi pro 8.x - Directory Traversal

SAP Crystal Reports - Information Disclosure

ZoneMinder 1.32.3 - Cross-Site Scripting

PowerPanel Business Edition - Cross-Site Scripting

Varient 1.6.1 - SQL Injection

Linux Mint 18.3-19.1 - 'yelp' Command Injection

CiuisCRM 1.6 - 'eventType' SQL Injection

WorkSuite PRM 2.4 - 'password' SQL Injection

27.6.2019

LibreNMS 1.46 - 'addhost' Remote Code Execution

26.6.2019

Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

25.6.2019

WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

WordPress Plugin iLive 1.0.4 - Cross-Site Scripting

BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal

AZADMIN CMS 1.0 - SQL Injection

Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution

SAPIDO RB-1732 - Remote Command Execution

SuperDoctor5 - 'NRPE' Remote Code Execution

24.6.2019

Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation

Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation

GrandNode 4.40 - Path Traversal / Arbitrary File Download

GSearch 1.0.1.0 - Denial of Service (PoC)

SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting

SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting

SeedDMS versions < 5.1.11 - Remote Command Execution

dotProject 2.1.9 - SQL Injection

21.6.2019

EA Origin < 10.5.38 - Remote Code Execution

20.6.2019

Cisco Prime Infrastructure - Runrshell Privilege Escalation (Metasploit)

Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)

Linux - Use-After-Free via race Between modify_ldt() and #BR Exception

BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection

WebERP 4.15 - SQL injection

Tuneclone 2.20 - Local SEH Buffer Overflow

19.6.2019

BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution

BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution

18.6.2019

Serv-U FTP Server < 15.1.7 - Local Privilege Escalation

Sahi pro 8.x - Cross-Site Scripting

Sahi pro 8.x - SQL Injection

Sahi pro 7.x/8.x - Directory Traversal

17.6.2019

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow

Thunderbird ESR < 60.7.XXX - 'parser_get_next_char' Heap-Based Buffer Overflow

Thunderbird ESR < 60.7.XXX - 'icalmemorystrdupanddequote' Heap-Based Buffer Overflow

Thunderbird ESR < 60.7.XXX - Type Confusion

Spring Security OAuth - Open Redirector

AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)

Netperf 2.6.0 - Stack-Based Buffer Overflow

Exim 4.87 - 4.91 - Local Privilege Escalation

HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write

CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities

RedwoodHQ 2.5.5 - Authentication Bypass

CleverDog Smart Camera DOG-2W / DOG-2W-V4 - Multiple Vulnerabilities

RedwoodHQ 2.5.5 - Authentication Bypass

14.6.2019

CentOS 7.6 - 'ptrace_scope' Privilege Escalation

Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow

12.6.2019

FusionPBX 4.4.3 - Remote Command Execution

11.6.2019

Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting

phpMyAdmin 4.8 - Cross-Site Request Forgery

WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution

ProShow 9.0.3797 - Local Privilege Escalation

9.6.2019

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

Exim 4.87 < 4.91 - (Local / Remote) Command Execution

Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution

Nvidia GeForce Experience Web Helper - Command Injection

6.6.2019

Supra Smart Cloud TV - 'openLiveURL()' Remote File Inclusion

5.6.2019

IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery

LibreNMS - addhost Command Injection (Metasploit)

4.6.2019

Cisco RV130W 1.0.3.44 - Remote Stack Overflow

Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SearchN.do' Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SolutionSearch.do' Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - 'SiteLookup.do' Cross-Site Scripting

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)

NUUO NVRMini 2 3.9.1 - 'sscanf' Stack Overflow

IceWarp 10.4.4 - Local File Inclusion

3.6.2019

AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control

WordPress Plugin Form Maker 1.13.3 - SQL Injection

KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities

31.5.19

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service

30.5.19

Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)

29.5.19

Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)

Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

28.5.19

Phraseanet < 4.0.7 - Cross-Site Scripting

Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass

EquityPandit 1.0 - Password Disclosure

27.5.19

Typora 0.9.9.24.6 - Directory Traversal

Deltek Maconomy 2.2.5 - Local File Inclusion

Pidgin 2.13.0 - Denial of Service (PoC)

24.5.19

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)

Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)

Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)

Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)

Microsoft Windows 7/2003/2008 RDP - Remote Code Execution

Horde Webmail 5.2.22 - Multiple Vulnerabilities

TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)

TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)

RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)

RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)

Carel pCOWeb < B1.2.1 - Credentials Disclosure

Carel pCOWeb < B1.2.1 - Cross-Site Scripting

AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions

BlueStacks 4.80.0.1060 - Denial of Service (PoC)

21.5.19

GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)

macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free

macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free

Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution

WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities

Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection

Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)

Deluge 1.3.15 - 'URL' Denial of Service (PoC)

TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting

Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting

20.5.19

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)

Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation

BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC)

BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)

AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)

docPrint Pro 8.0 - Denial of Service (PoC)

PCL Converter 2.7 - Denial of Service (PoC)

Encrypt PDF 2.3 - Denial of Service (PoC)

eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution

Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow

Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow

Huawei eSpace 1.1.11.103 - DLL Hijacking

Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)

15.5.19

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting

CommSy 8.6.5 - SQL injection

Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)

PasteShr 1.6 - Multiple SQL Injection

Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection

TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)

D-Link DWL-2600AP - Multiple OS Command Injection

Sales ERP 8.1 - Multiple SQL Injection

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)

14.5.19

TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)

Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)

D-Link DWL-2600AP - Multiple OS Command Injection

Sales ERP 8.1 - Multiple SQL Injection

PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)

13.5.19

OpenProject 5.0.0 - 8.3.1 - SQL Injection

Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write

XOOPS 2.5.9 - SQL Injection

SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)

SOCA Access Control System 180612 - SQL Injection

SOCA Access Control System 180612 - Information Disclosure

DNSS 2.1.8 - Denial of Service (PoC)

SpotMSN 2.4.6 - Denial of Service (PoC)

10.5.19

PHPRunner 10.1 - Denial of Service (PoC)

ASPRunner.NET 10.1 - Denial of Service (PoC)

SpotPaltalk 1.1.5 - Denial of Service (PoC)

SpotIM 2.2 - Denial of Service (PoC)

TheHive Project Cortex < 1.15.2 - Server-Side Request Forgery

jetCast Server 2.0 - Denial of Service (PoC)

9.5.19

Convert Video jetAudio 8.1.7 - Denial of Service (PoC)

Lyric Maker 2.0.1.0 - Denial of Service (PoC)

Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)

Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)

Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)

Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)

7.5.19

Easy Chat Server 3.1 - 'message' Denial of Service (PoC)

Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow

Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting

6.5.19

iOS 12.1.3 - 'cfprefsd' Memory Corruption

NSClient++ 0.5.2.35 - Privilege Escalation

microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection

PHPads 2.0 - 'click.php3?bannerID' SQL Injection

Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)

ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution

LG Supersign EZ CMS - Remote Code Execution (Metasploit)

5.5.19

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Blue Angel Software Suite - Command Execution

Windows PowerShell ISE - Remote Code Execution

Zotonic < 0.47.0 mod_admin - Cross-Site Scripting

Instagram Auto Follow - Authentication Bypass

Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/
SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection

2.5.19

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

1.5.19

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) -
Domain Field (Add DNS Zone) Cross-Site Scripting

Pimcore < 5.71 - Unserialize RCE (Metasploit)

AIS logistics ESEL-Server - Unauth SQL Injection RCE (Metasploit)

Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification

Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution

DeviceViewer 3.12.0.1 - 'user' SEH Overflow

SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)

Agent Tesla Botnet - Information Disclosure

Hyvikk Fleet Manager - Shell Upload

Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)

Joomla! Component JiFile 2.3.1 - Arbitrary File Download

Domoticz 4.10577 - Unauthenticated Remote Command Execution

Spring Cloud Config 2.1.x - Path Traversal (Metasploit)

HumHub 1.3.12 - Cross-Site Scripting

Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery

28.4.19

systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting

NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)

NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)

26.4.19

RARLAB WinRAR 5.61 - ACE Format Input Validation Remote Code Execution (Metasploit)

Lavavo CD Ripper 4.20 - 'License Activation Name' Buffer Overflow (SEH)

AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)

osTicket 1.11 - Cross-Site Scripting / Local File Inclusion

JioFi 4G M2S 1.0.2 - Denial of Service

JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting

Backup Key Recovery 2.2.4 - Denial of Service (PoC)

HeidiSQL 10.1.0.5464 - Denial of Service (PoC)

25.4.19

JioFi 4G M2S 1.0.2 - Denial of Service

JioFi 4G M2S 1.0.2 - 'mask' Cross-Site Scripting

Backup Key Recovery 2.2.4 - Denial of Service (PoC)

HeidiSQL 10.1.0.5464 - Denial of Service (PoC)

Google Chrome 72.0.3626.121 / 74.0.3725.0 - 'NewFixedDoubleArray' Integer Overflow

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

24.4.19

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

23.4.19

Linux - 'page->_refcount' Overflow via FUSE

Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit

Ross Video DashBoard 8.5.1 - Insecure Permissions

22.4.19

UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting

ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)

Msvod 10 - Cross-Site Request Forgery (Change User Information)

74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)

LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)

Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)

WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion

QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service

Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)

20.4.19

Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)

SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)

Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection

Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal

19.4.19

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID

Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4

LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)

Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)

ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)

Evernote 7.9 - Code Execution via Path Traversal

18.4.19

DHCP Server 2.5.2 - Denial of Service (PoC)

ASUS HG100 - Denial of Service

MailCarrier 2.51 - POP3 'RETR' SEH Buffer Overflow

17.4.19

Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation

Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass

Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation

Microsoft Windows 10 1809 / 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation

AdminExpress 1.2.5 - 'Folder Path' Denial of Service (PoC)

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

PCHelpWare V2 1.0.0.5 - 'Group' Denial of Service (PoC)

PCHelpWare V2 1.0.0.5 - 'SC' Denial of Service (PoC)

Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting

16.4.19

Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)

UltraVNC Launcher 1.2.2.4 - 'Path' Denial of Service (PoC)

UltraVNC Viewer 1.2.2.4 - 'VNC Server' Denial of Service (PoC)

MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow

MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow

MailCarrier 2.51 - POP3 'USER' Buffer Overflow

CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)

RemoteMouse 3.008 - Arbitrary Remote Command Execution

MailCarrier 2.51 - 'RCPT TO' Buffer Overflow

DirectAdmin 1.561 - Multiple Vulnerabilities

13.4.19

Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)

Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)

ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)

Microsoft Internet Explorer 11 - XML External Entity Injection

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass

12.4.19

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting

10.4.19

FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer

FTPShell Server 6.83 - 'Account name to ban' Local Buffer

Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution

Microsoft Windows - AppX Deployment Service Privilege Escalation

Apache Axis 1.4 - Remote Code Execution

9.4.19

PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write

Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection

TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow

8.4.19

Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

QNAP Netatalk < 3.1.12 - Authentication Bypass

ManageEngine ServiceDesk Plus 9.3 - User Enumeration

Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow

WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass

Tradebox CryptoCurrency - 'symbol' SQL Injection

River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow

CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting

AllPlayer 7.4 - SEH Buffer Overflow (Unicode)

SaLICru -SLC-20-cube3(5) - HTML Injection

ShoreTel Connect ONSITE < 19.49.1500.0 - Multiple Vulnerabilities

FlexHEX 2.71 - SEH Buffer Overflow (Unicode)

Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution

Jobgator - 'experience' SQL Injection

5.4.19

FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)

AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow (SEH)

Magic ISO Maker 5.5(build 281) - 'Serial Code' Denial of Service (PoC)

Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)

Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion

Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion

Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion

WebKitGTK+ - 'ThreadedCompositor' Race Condition

WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free

WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check

iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe

WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion

SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)

PhreeBooks ERP 5.2.3 - Remote Command Execution

PhreeBooks ERP 5.2.3 - Arbitrary File Upload

Ashop Shopping Cart Software - SQL Injection

Clinic Pro v4 - 'month' SQL Injection

TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)

4.4.19

PhreeBooks ERP 5.2.3 - Arbitrary File Upload

Ashop Shopping Cart Software - SQL Injection

Clinic Pro v4 - 'month' SQL Injection

TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)

iScripts ReserveLogic - SQL Injection

AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)

3.4.19

phpFileManager 1.7.8 - Local File Inclusion

Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting

AIDA64 Extreme Edition 5.99.4800 - Local SEH Buffer Overflow

CMS Made Simple < 2.2.10 - SQL Injection

LimeSurvey < 3.16 - Remote Code Execution

JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery

WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering

Inout RealEstate - 'city' SQL Injection

Inout EasyRooms - SQL Injection

30.3.19

CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting

Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)

CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)

gnutls 3.6.6 - 'verify_crt()' Use-After-Free

29.3.19

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)

Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection

BigTree 4.3.4 CMS - Multiple SQL Injection

Job Portal 3.1 - 'job_submit' SQL Injection

Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service

i-doit 1.12 - 'qr.php' Cross-Site Scripting

WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion

Fat Free CRM 0.19.0 - HTML Injection

Airbnb Clone Script - Multiple SQL Injection

Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion

27.3.19

Jettweb Hazır Rent A Car Scripti V4 - SQL Injection

Microsoft Windows 7/2008 - 'Win32k' Denial of Service (PoC)

Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR

SJS Simple Job Script - SQL Injection / Cross-Site Scripting

Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion

XooDigital - 'p' SQL Injection

XooGallery - Multiple SQL Injection

Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting

Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection

27.3.19

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 / VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation

Zeeways Matrimony CMS - SQL Injection

Zeeways Jobsite CMS - 'id' SQL Injection

Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection

Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)

Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection

X-NetStat Pro 5.63 - Local Buffer Overflow

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting

24.3.19

snap - seccomp BBlacklist for TIOCSTI can be Circumvented

Inout Article Base CMS - SQL Injection

22.3.19

Meeplace Business Review Script - 'id' SQL Injection

Matri4Web Matrimony Website Script - Multiple SQL Injection

21.3.19

Bootstrapy CMS - Multiple SQL Injection

Canarytokens 2019-03-01 - Detection Bypass

Placeto CMS Alpha v4 - 'page' SQL Injection

uHotelBooking System - 'system_page' SQL Injection

The Company Business Website CMS - Multiple Vulnerabilities

Rails 5.2.1 - Arbitrary File Content Disclosure

DVD X Player 5.5.3 - '.plf' Buffer Overflow

Netartmedia Vlog System - 'email' SQL Injection

21.3.19

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery

PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control

202CMS v10beta - Multiple SQL Injection

NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow

Netartmedia PHP Business Directory 4.2 - SQL Injection

Netartmedia PHP Dating Site - SQL Injection

Netartmedia Jobs Portal 6.1 - SQL Injection

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

Netartmedia PHP Car Dealer - SQL Injection

19.3.19

Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject

Microsoft VBScript - VbsErase Memory Corruption

Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML

Google Chrome < M73 - FileSystemOperationRunner Use-After-Free

Google Chrome < M73 - MidiManagerWin Use-After-Free

Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter

Google Chrome < M73 - Double-Destruction Race in StoragePartitionService

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)

libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons

Netartmedia Real Estate Portal 5.0 - SQL Injection

Netartmedia PHP Mall 4.1 - SQL Injection

Advanced Host Monitor 11.92 beta - Local Buffer Overflow

Netartmedia Event Portal 2.0 - 'Email' SQL Injection

eNdonesia Portal 8.7 - Multiple Vulnerabilities

MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting

Gila CMS 1.9.1 - Cross-Site Scripting

18.3.19

BMC Patrol Agent - Privilege Escalation Cmd Execution (Metasploit)

TheCarProject v2 - Multiple SQL Injection

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service

WinMPG Video Convert 9.3.5 - Denial of Service

17.3.19

WinRAR 5.61 - Path Traversal

15.3.19

Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution

FTPGetter Standard 5.97.0.177 - Remote Code Execution

Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution

Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)

Moodle 3.4.1 - Remote Code Execution

Laundry CMS - Multiple Vulnerabilities

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

ICE HRM 23.0 - Multiple Vulnerabilities

Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow

CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload

NetData 1.13.0 - HTML Injection

14.3.19

Microsoft Windows - .reg File / Dialog Box Message Spoofing

Microsoft Windows MSHTML Engine - "Edit" Remote Code Execution

Apache Tika-server < 1.18 - Command Injection

Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal

Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal

WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting

elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)

13.3.19

Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC)

PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)

12.3.19

OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)

Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)

NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)

Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak

Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution

PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution

11.3.19

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

McAfee ePO 5.9.1 - Registered Executable Local Access Bypass

OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting

8.3.19

Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)

Kados R10 GreenBee - Multiple SQL Injection

6.3.19

Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass

Android - binder Use-After-Free via racy Initialization of ->allow_user_free

Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem

5.3.19

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

WordPress Plugin Cerber Security, Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities

Craft CMS 3.1.12 Pro - Cross-Site Scripting

Bolt CMS 3.6.4 - Cross-Site Scripting

MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal

Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

OOP CMS BLOG 1.0 - Multiple SQL Injection

elFinder 2.1.47 - Command Injection vulnerability in the PHP connector

CMSsite 1.0 - Multiple Cross-Site Request Forgery

4.3.19

Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation

1.3.19

macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image

Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module

tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads

Google Chrome < M72 - FileWriterImpl Use-After-Free

Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome < M72 - PaymentRequest Service Use-After-Free

28.2.19

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

TransMac 12.3 - Denial of Service (PoC)

Usermin 1.750 - Remote Command Execution (Metasploit)

Joomla! Component J2Store < 3.3.7 - SQL Injection

Joomla! Component J2Store < 3.3.7 - SQL Injection

FTP Server 1.32 - Denial of Service

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)

Simple Online Hotel Reservation System - SQL Injection

26.2.19

Drupal < 8.6.9 - REST Module Remote Code Execution

Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)

Advance Gift Shop Pro Script 2.0.3 - SQL Injection

News Website Script 2.0.5 - SQL Injection

PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection

Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution

24.2.19

Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution

Teracue ENC-400 - Command Injection / Missing Authentication

Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation

Nuuo Central Management - Authenticated SQL Server SQL Injection (Metasploit)

WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

22.2.19

Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

AirDrop 2.0 - Denial of Service (DoS)

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

ScreenStream 3.0.15 - Denial of Service

Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

EI-Tube 3 - SQL Injection

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

Memu Play 6.0.7 - Privilege Escalation

21.2.19

AirDrop 2.0 - Denial of Service (DoS)

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

ScreenStream 3.0.15 - Denial of Service

Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

EI-Tube 3 - SQL Injection

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

Memu Play 6.0.7 - Privilege Escalation

20.2.19

Belkin Wemo UPnP - Remote Code Execution (Metasploit)

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

Android Kernel < 4.8 - ptrace seccomp Filter Bypass

FaceTime - Texture Processing Memory Corruption

WinRAR 5.61 - '.lng' Denial of Service

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)

HotelDruid 2.3 - Cross-Site Scripting

Apple macOS 10.13.5 - Local Privilege Escalation

Jenkins - Remote Code Execution

Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection

Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting

XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting

eDirectory - SQL Injection

BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)

Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)

Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting

Listing Hub CMS 1.0 - 'pages.php id' SQL Injection

Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation

18.2.19

WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing

Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour

Comodo Dome Firewall 2.7.0 - Cross-Site Scripting

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

Apache CouchDB 2.3.0 - Cross-Site Scripting

Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload

M/Monit 3.7.2 - Privilege Escalation

NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)

CMSsite 1.0 - 'post' SQL Injection

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module

Master IP CAM 01 3.3.4.2103 - Remote Command Execution

qdPM 9.1 - 'search[keywords]' Cross-Site Scripting

qdPM 9.1 - 'type' Cross-Site Scripting

mIRC < 7.55 - Remote Command Execution Using Argument Injection Through Custom URI Protocol Handlers

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)

Realterm Serial Terminal 2.0.0.70 - Denial of Service

15.2.19

ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (DoS)

LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)

MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)

WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection

DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting

DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting

DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting

DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting

DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting

Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)

exacqVision ESM 5.12.2 - Privilege Escalation

14.2.19

Android - binder Use-After-Free of VMA via race Between reclaim and munmap

Android - binder Use-After-Free via fdget() Optimization

NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting

Ubuntu snapd < 2.37.1 - Local Privilege Escalation

snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)

snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)

runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution

Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow

LayerBB 1.1.2 - Cross-Site Scripting

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

Jenkins 2.150.2 - Remote Command Execution (Metasploit)

OPNsense < 19.1.1 - Cross-Site Scripting

13.2.19

OPNsense < 19.1.1 - Cross-Site Scripting

Jenkins 2.150.2 - Remote Command Execution (Metasploit)

LayerBB 1.1.2 - Cross-Site Scripting

runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution

Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow

10.2.19

Smoothwall Express 3.1-SP4 - Cross-Site Scripting

River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter)

VA MAX 8.3.4 - Authenticated Remote Code Execution

MyBB Bans List 1.0 - Cross-Site Scripting

River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)

Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure

IPFire 2.21 - Cross-Site Scripting

NordVPN 6.19.6 - Denial of Service (PoC)

Indusoft Web Studio 8.1 SP2 - Remote Code Execution

Evince - CBT File Command Injection (Metasploit)

NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)

Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)

FutureDj Pro 1.7.2.0 - Denial of Service

AirDroid 4.2.1.6 - Denial of Service

Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset

7.2.19

Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows

River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)

osCommerce 2.3.4.1 - 'reviews_id' SQL Injection

osCommerce 2.3.4.1 - 'products_id' SQL Injection

osCommerce 2.3.4.1 - 'currency' SQL Injection

5.2.19

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery

devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery

River Past Audio Converter 7.7.16 - Denial of Service (PoC)

Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)

BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure

4.2.19

Nessus 8.2.1 - Cross-Site Scripting

pfSense 2.4.4-p1 - Cross-Site Scripting

TaskInfo 8.2.0.280 - Denial of Service (PoC)

SpotAuditor 3.6.7 - Denial of Service (PoC)

LibSSH 0.7.6 / 0.8.4 - Unauthorized Access

MyVideoConverter Pro 3.14 - Denial of Service

River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)

SuiteCRM 7.10.7 - 'record' SQL Injection

SuiteCRM 7.10.7 - 'parentTab' SQL Injection

ResourceSpace 8.6 - 'watched_searches.php' SQL Injection

3.2.19

SureMDM < 2018-11 Patch - Local / Remote File Inclusion

Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite (PoC)

1.2.19

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics

macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic

macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem

macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack

macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File

LanHelper 1.74 - Denial of Service (PoC)

FlexHEX 2.46 - Denial of Service SEH Overwrite (PoC)

ASPRunner Professional 6.0.766 - Denial of Service (PoC)

AMAC Address Change 5.4 - Denial of Service (PoC)

Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)

UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)

Anyburn 4.3 - 'Convert image to file format' Denial of Service

R 3.5.0 - Local Buffer Overflow (SEH)

Necrosoft DIG 0.4 - Denial of Service SEH Overwrite (PoC)

IP-Tools 2.50 - Denial of Service SEH Overwrite (PoC)

iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure

Advanced File Manager 3.4.1 - Denial of Service (PoC)

10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)

Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection

30.1.19

HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH

MiniUPnPd 2.1 - Out-of-Bounds Read

PDF Signer 3.0 - SSTI to RCE via CSRF Cookie

29.1.19

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting

Smart VPN 1.1.3.0 - Denial of Service (PoC)

Mess Management System 1.0 - SQL Injection

Teameyo Project Management System 1.0 - SQL Injection

Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)

Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection

BEWARD Intercom 2.3.1 - Credentials Disclosure

Newsbull Haber Script 1.0.0 - 'search' SQL Injection

R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)

Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting

Cisco RV300 / RV320 - Information Disclosure

Sricam gSOAP 2.8 - Denial of Service

CMSsite 1.0 - 'search' SQL Injection

CMSsite 1.0 - 'cat_id' SQL Injection

Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)

LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference

AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery

WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)

MySQL User-Defined (Linux) (x32/x86_64) - 'sys_exec' Local Privilege Escalation

28.1.19

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free

GreenCMS 2.x - Arbitrary File Download

GreenCMS 2.x - SQL Injection

25.1.19

Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)

ImpressCMS 1.3.11 - 'bid' SQL Injection

Splunk Enterprise 7.2.3 - Authenticated Custom App RCE

SirsiDynix e-Library 3.5.x - Cross-Site Scripting

SimplePress CMS 1.0.7 - SQL Injection

Joomla! Component JHotelReservation 6.0.7 - SQL Injection

Joomla! Component J-CruisePortal 6.0.4 - SQL Injection

24.1.19

Microsoft Windows CONTACT - HTML Injection / Remote Code Execution

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation

Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection

Joomla! Component VMap 1.9.6 - SQL Injection

Joomla! Component vRestaurant 1.9.4 - SQL Injection

Joomla! Component vReview 1.9.11 - SQL Injection

Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection

Joomla! Component vWishlist 1.0.1 - SQL Injection

Joomla! Component vBizz 1.0.7 - Remote Code Execution

Joomla! Component vBizz 1.0.7 - SQL Injection

23.1.19

Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution

Joomla! Component Easy Shop 1.2.3 - Local File Inclusion

CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt

Adianti Framework 5.5.0 - SQL Injection

22.1.19

Linux Kernel 4.13 - 'compat_get_timex()' Leak Kernel Pointer

Kepler Wallpaper Script 1.1 - SQL Injection

Echo Mirage 3.1 - Buffer Overflow (PoC)

GattLib 0.2 - Stack Buffer Overflow

PHP Uber-style GeoTracking 1.1 - SQL Injection

PHP Dashboards NEW 5.8 - Local File Inclusion

PHP Dashboards NEW 5.8 - 'dashID' SQL Injection

MoneyFlux 1.0 - 'id' SQL Injection

Reservic 1.0 - 'id' SQL Injection

Coman 1.0 - 'id' SQL Injection

18.1.19

Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation

Microsoft Windows CONTACT - Remote Code Execution

Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting

16.1.19

Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation

Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free

blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free

Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length

Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset

GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal

NTPsec 1.1.2 - 'config' Authenticated Out-of-Bounds Write Denial of Service (PoC)

NTPsec 1.1.2 - 'ntp_control' Authenticated NULL Pointer Dereference (PoC)

NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)

NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)

ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution

doorGets CMS 7.0 - Arbitrary File Download

Roxy Fileman 1.4.5 - Arbitrary File Download

FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure

Roxy Fileman 1.4.5 - Arbitrary File Download

doorGets CMS 7.0 - Arbitrary File Download

Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)

15.1.19

Microsoft Windows VCF - Remote Code Execution

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation

Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation

Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation

Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation

AudioCode 400HD - Command Injection

Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection

Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation

Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection

Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection

Job Portal Platform 1.0 - SQL Injection

Real Estate Custom Script 2.0 - SQL Injection

ThinkPHP 5.X - Remote Command Execution

Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)

HealthNode Hospital Management System 1.0 - SQL Injection

Lenovo R2105 - Cross-Site Request Forgery (Command Execution)

Cleanto 5.0 - SQL Injection

Find a Place CMS Directory 1.5 - SQL Injection

Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection

Hootoo HT-05 - Remote Code Execution (Metasploit)

xorg-x11-server < 1.20.3 - Local Privilege Escalation (Solaris 11 inittab)

Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection

Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)

Twilio WEB To Fax Machine System Application 1.0 - SQL Injection

Modern POS 1.3 - SQL Injection

Modern POS 1.3 - Arbitrary File Download

Horde Imp - 'imap_open' Remote Command Execution

i-doit CMDB 1.12 - SQL Injection

i-doit CMDB 1.12 - Arbitrary File Download

Across DR-810 ROM-0 - Backup File Disclosure

14.1.19

Luminance Studio 2.17 - Denial of Service (PoC)

Blob Studio 2.17 - Denial of Service (PoC)

Liquid Studio 2.17 - Denial of Service (PoC)

Pixel Studio 2.17 - Denial of Service (PoC)

Paint Studio 2.17 - Denial of Service (PoC)

Tree Studio 2.17 - Denial of Service (PoC)

Selfie Studio 2.17 - Denial of Service (PoC)

Joomla! Component JoomCRM 1.1.1 - SQL Injection

Joomla! Component JoomProject 1.1.3.2 - Information Disclosure

Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)

Adapt Inventory Management System 1.0 - SQL Injection

12.1.19

Luminance Studio 2.17 - Denial of Service (PoC)

Blob Studio 2.17 - Denial of Service (PoC)

Liquid Studio 2.17 - Denial of Service (PoC)

Pixel Studio 2.17 - Denial of Service (PoC)

Paint Studio 2.17 - Denial of Service (PoC)

Tree Studio 2.17 - Denial of Service (PoC)

Selfie Studio 2.17 - Denial of Service (PoC)

Joomla! Component JoomCRM 1.1.1 - SQL Injection

Joomla! Component JoomProject 1.1.3.2 - Information Disclosure

Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)

Adapt Inventory Management System 1.0 - SQL Injection

11.1.19

OpenSource ERP 6.3.1. - SQL Injection

eBrigade ERP 4.5 - SQL Injection

Event Locations 1.0.1 - 'id' SQL Injection

Event Calendar 3.7.4 - 'id' SQL Injection

MLMPro 1.0 - SQL Injection

Architectural 1.0 - 'email' SQL Injection

Shield CMS 2.2 - 'email' SQL Injection

doitX 1.0 - 'search' SQL Injection

Matrix MLM Script 1.0 - Information Disclosure

eBrigade ERP 4.5 - Arbitrary File Download

PEAR Archive_Tar < 1.4.4 - PHP Object Injection

RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)

BlogEngine 3.3 - XML External Entity Injection

polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)

10.1.19

MLMPro 1.0 - SQL Injection

Architectural 1.0 - 'email' SQL Injection

Shield CMS 2.2 - 'email' SQL Injection

doitX 1.0 - 'search' SQL Injection

Matrix MLM Script 1.0 - Information Disclosure

eBrigade ERP 4.5 - Arbitrary File Download

PEAR Archive_Tar < 1.4.4 - PHP Object Injection

RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)

BlogEngine 3.3 - XML External Entity Injection

polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork

Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)

Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)

9.1.19

Microsoft Windows - Windows Error Reporting Local Privilege Escalation

MDwiki < 0.6.2 - Cross-Site Scripting

8.1.19

Wireshark - 'get_t61_string' Heap Out-of-Bounds Read

Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection

CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery

7.1.19

Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC)

BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC)

Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data

Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal

MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting

PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting

MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting

LayerBB 1.1.1 - Persistent Cross-Site Scripting

Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference

All in One Video Downloader 1.2 - Authenticated SQL Injection

Embed Video Scripts - Persistent Cross-Site Scripting

Mailcleaner - Authenticated Remote Code Execution (Metasploit)

2.1.19

NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)

EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)

Frog CMS 0.9.5 - Cross-Site Scripting

WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection

Vtiger CRM 7.1.0 - Remote Code Execution

NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)

1  2  3