This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko)…
>> ARCHIVE: 2020-01
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Pachev FTP Server 1.0 – Path Traversal
qdPM 9.1 – Remote Code Execution
BOOTP Turbo 2.0 – Denial of Service (SEH) (PoC)
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability.
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
KeePass 2.44 – Denial of Service (PoC)
Citrix XenMobile Server 10.8 – XML External Entity Injection