Event Manager PHP Script version 1.0 suffers from a remote SQL injection vulnerability.
Joomla! JEXTN Reverse Auction 3.1.0 SQL Injection
Joomla! JEXTN Reverse Auction component version 3.1.0 suffers from a remote SQL injection vulnerability.
Joomla! JMS Music 1.1.1 SQL Injection
Joomla! JMS Music component version 1.1.1 suffers from a remote SQL injection vulnerability.
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.
FiberHome AN5506 Unauthenticated Remote DNS Change
FiberHome AN5506 unauthenticated remote DNS changing exploit.
WebKit WebCore::FrameView::clientToLayoutViewportPoint Use-After-Free
WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.
WebKit detachWrapper Use-After-Free
WebKit suffers from a use-after-free vulnerability in detachWrapper.
Claymore Dual GPU Miner 10.5 Format String
Claymore Dual GPU Miner versions 10.5 and below suffer from format string vulnerabilities.
Apport / ABRT chroot Privilege Escalation
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace (“container”). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container’s Apport by changing the root directory before loading the crash report, causing […]
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in […]