Posts

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

BMC Server Automation RSCD Agent NSH Remote Command Execution

IPSwitch MoveIt 9.4 Cross Site Scripting

Chromium filesystem::mojom::Directory Sandbox Escape

Sprecher Automation SPRECON-E-C / PU-2433 Traversal / DoS

systemd Local Privilege Escalation

systemd (systemd-tmpfiles) < 236 - 'fs.protected_hardlinks=0' Local Privilege Escalation

Dup Scout Enterprise 10.4.16 Import Command Buffer Overflow

WordPress Propertyhive 1.4.14 Cross Site Scripting

LibRaw Denial Of Service

System Shield 5.0.0.136 Privilege Escalation

BMC BladeLogic RSCD Agent 8.3.00.64 Windows Users Disclosure

Joomla! Visual Calendar 3.1.3 SQL Injection

LabF nfsAxe 3.7 TFTP Client Local Buffer Overflow Client

OwnCloud Server 10.0 User Enumeration

Arq 5.10 Local Privilege Escalation

Arq 5.10 Local Privilege Escalation

Joomla! CP Event Calendar 3.0.1 SQL Injection

Joomla! Picture Calendar For Joomla 3.1.4 Directory Traversal

Advantech WebAccess 8.0-2015.08.16 SQL Injection

HPE iMC 7.3 RMI Java Deserialization

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection

Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection

LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal

System Shield 5.0.0.136 - Privilege Escalation

Advantech WebAccess < 8.3 - SQL Injection

HPE iMC 7.3 - RMI Java Deserialization

Arq 5.10 - Local root Privilege Escalation (2)

Arq 5.10 - Local root Privilege Escalation

Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)

macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding

RETIRED: Jenkins CVE-2017-1000392 HTML Injection Vulnerability

Nexpose < 6.4.66 - Cross-Site Request Forgery

Buddy Zone 2.9.9 - SQL Injection

Linux/x86 - Egghunter Shellcode (12 Bytes)

TSiteBuilder 1.0 - SQL Injection

Hot Scripts Clone - 'subctid' SQL Injection

Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download

PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal

PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection

KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)

Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection

Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery