Archive for December, 2017

Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free

Posted by deepcore under exploit (No Respond)

There is a use-after-free in the jscript.dll library that can be exploited in IE11.

GoAhead LD_PRELOAD Remote Code Execution

Posted by deepcore under exploit (No Respond)

GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit.

Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read

Posted by deepcore under exploit (No Respond)

There is an out-of-bounds read in the jscript.dll library (used in IE, WPAD and other places).

Microsoft Windows Array.sort jscript.dll Heap Overflow

Posted by deepcore under exploit (No Respond)

There is a heap overflow vulnerability in the jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.

Joomla! JB Visa 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla! JB Visa component version 1.0 suffers from a remote SQL injection vulnerability.

Jenkins XStream Groovy classpath Deserialization

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2016-0792, a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2. It is caused by unsafe deserialization in XStream with Groovy in the classpath and allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.

Tuleap 9.6 Second-Order PHP Object Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because the User::getRecentElements() method uses the unserialize() function with data that can be arbitrarily manipulated by a user […]

WordPress WebConnex Form Management 1.6.3 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress WebConnex Form Management plugin version 1.6.3 suffers from a cross site scripting vulnerability.

WordPress Itinerary 1.0.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Itinerary plugin version 1.0.0 suffers from a cross site scripting vulnerability.

Intel Content Protection HECI Service Privilege Escalation

Posted by deepcore under exploit (No Respond)

The Intel Content Protection HECI Service exposes a DCOM object to all users and most sandboxes (such as Edge LPAC and Chrome GPU). It has a type confusion vulnerability which can be used to elevate to SYSTEM privileges.