A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely when an attacker sends a specially crafted calendar attachment, and it does not require user interaction. It might be used by a remote […]
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory […]
Sitecore versions 8.x suffer from a deserialization vulnerability that allows for remote code execution.
Pronestor Health Monitoring versions prior to 8.1.12.0 suffer from a local privilege escalation vulnerability due to weak file permissions.
This script abuses an unauthenticated information leak in the apcupsd daemon.
The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
Aida64 6.00.5100 – ‘Log to CSV File’ Local SEH Buffer Overflow
Tags: 0day, remote exploit
Active Directory Enumeration with PowerShell
Tags: 0day, remote exploit
CentOS 7.6 – ‘ptrace_scope’ Privilege Escalation
Tags: 0day, remote exploit
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the “Package Updates” module can execute arbitrary commands with root privileges.