>> ARCHIVE: 2017-10

During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator…

SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization.

Unitrends UEB version 9.1 bpserverd remote command execution exploit.

Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.

This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work…

WordPress version 4.8.2 fails to have an expiration mechanism tied to activation keys allowing for eternal use.

Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.

Metasploit Pro, Express, Ultimate, and Community suffer from a cross site request forgery vulnerability.

This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.