The Barco/AWIND OEM presentation platform suffers from an unauthenticated command injection vulnerability. Products affected include Crestron AM-100 1.6.0.2, Crestron AM-101 2.7.0.1, Barco wePresent WiPG-1000P 2.3.0.10, Barco wePresent WiPG-1600W before 2.4.1.19, Extron…
>> ARCHIVE: 2019-05
Zotonic versions 0.46 and below suffer from a mod_admin (Erlang) cross-site scripting vulnerability.
WordPress Social Warfare plugin versions prior to 3.5.3 suffer from a remote code execution vulnerability.
MailCarrier version 2.51 HELP remote buffer overflow exploit.
Sentrifugo Human Resource Management System version 3.2 suffers from a database configuration file disclosure vulnerability.
OpenSkos Simple Knowledge Organization System version 2.0 suffers from a database configuration file disclosure vulnerability.
CentOS Web Panel versions 0.9.8.793 (Free), 0.9.8.753 (Pro), and 0.9.8.807 (Pro) suffer from a domain field (Add DNS Zone) cross-site scripting vulnerability.
This archive contains proofs of concept and a whitepaper describing signature spoofing attacks against multiple popular email client implementations.
Winamp version 5.12 playlist (.pls) buffer overflow exploit with ASLR + EGGHUNT + REV_SHELL. Written in Python.
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, which can be easily extracted by visiting…