WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.
>> ARCHIVE: 2018-11
WordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.
WordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.
WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.
WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.
WordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.
Linux – Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
WebKit JSC JIT – ‘JSPropertyNameEnumerator’ Type Confusion
TeamCity Agent – XML-RPC Command Execution (Metasploit)
Mac OS X – libxpc MITM Privilege Escalation (Metasploit)