>> ARCHIVE: 2018-11

Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.

Mongo Web Admin version 6.0 suffers from an information leakage vulnerability.

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution.

PHP Proxy version 3.0.3 suffers from a local file inclusion vulnerability.

CMS Made Simple version 2.2.7 suffers from a remote code execution vulnerability.

Voovi Social Networking Script version 1.0 suffers from a remote SQL injection vulnerability.

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the…

This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp’s jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration…

This Metasploit module exploits sendmail’s well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris…