Posts

Mandos Encrypted File System Unattended Reboot Utility 1.8.5

Veritas Resiliency Platform (VRP) Traversal / Command Execution

Oracle Hyperion Planning 11.1.2.3 XML Injection

D-Link 6600-AP XSS / DoS / Information Disclosure

iMessage NSKnownKeysDictionary1 Memory Corruption

iMessage NSArray Deserialization

iMessage NSKeyedUnarchiver Deserialization

JSC YarrJIT initParenContextFreeList Byte Overwrite

JSC BytecodeGenerator::emitEqualityOpImpl Data Mishandling

WordPress WP Fastest Cache 0.8.9.5 Directory Traversal

Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming

Redis Unauthenticated Code Execution

NSKeyedUnarchiver ObjC Object Use-After-Free

WordPress Simple Membership 3.8.4 Cross Site Request Forgery

GigToDo 1.3 Cross Site Scripting

WordPress Real Estate Theme 2.8.9 Cross Site Scripting

Linux/x86 NOT +SHIFT-N+ XOR-N Encoded /bin/sh Shellcode

Schneider Electric Pelco Endura NET55XX Encoder

WordPress Database Backup Remote Command Execution

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition

Zurmo 3.2.6 Iframe Injection

Zurmo 3.2.6 Open Redirection

Zurmo 3.2.6 Persistent Cross Site Scripting

Zurmo 3.2.6 Out Of Band Code Evaluation

Ahsay Backup 7.x / 8.x XML Injection

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

pdfresurrect 0.15 Buffer Overflow

Moodle Filepicker 3.5.2 Server-Side Request Forgery

Microsoft Windows 7 Build 7601 (x86) Local Privilege Escalation

iMessage DigitalTouch Out-Of-Bounds Read

WebKit Synchronous Page Load Universal Cross Site Scripting

Zurmo 3.2.6 Code Evaluation

Zurmo 3.2.6 Reflected Cross Site Scripting

Yahei-PHP Prober 0.4.7 HTML Injection

Trend Micro Deep Discovery Inspector Percent Encoding IDS Bypass

Ovidentia 8.4.3 Cross Site Scripting

Ovidentia 8.4.3 SQL Injection

Tufin Secure Change Remote Code Execution

WordPress Hybrid Composer 1.4.6 Unauthenticated Access

Mikrotik RouterOS Resource / Stack Exhaustion

Jenkins Credentials Binding Plugin CVE-2019-1010241 Information Disclosure Vulnerability

Axway SecureTransport 5 XML Injection

Novismart CMS SQL Injection

BACnet Stack 0.8.6 Denial Of Service

GNU Binutils 'libiberty' CVE-2019-14250 Integer Overflow Vulnerability

D-Link DSL-2750U Multiple Authentication Bypass Vulnerabilities

Scapy '_RADIUSAttrPacketListField' Class Remote Denial of Service Vulnerability

Microsoft Windows Task Scheduler Local Privilege Escalation