Linux kernel versions prior to 4.11.8 suffer from an mq_notify: double sock_put() local privilege escalation vulnerability.
Android sdcardfs changes current->fs without proper locking.
Chamilo LMS version 1.11.8 suffers from a cross site scripting vulnerability in the firstname variable.
Updated releases address a security flaw that allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with –recurse-submodules.
FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.
FLIR Systems FLIR thermal traffic cameras suffers from a websocket device manipulation vulnerability.
net-snmp version 5.7.3 suffers from an unauthenticated denial of service vulnerability.
Imperva SecureSphere 13 suffers from a remote command execution vulnerability.
Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in […]
This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the ‘-A’ command line argument; however, it does not drop privileges when executing user-supplied scripts, resulting in execution of arbitrary commands as root. This Metasploit module […]
