WordPress UserPro plugin versions 4.9.17 and below suffer from an authentication bypass vulnerability.
mkvalidator version 0.5.1 suffers from multiple denial of service vulnerabilities leveraging libebml2 and mkclean.
Logitech Media Server version 7.9.0 suffers from multiple cross site scripting vulnerabilities.
pfSense versions 2.3.1_1 and below suffer from a post-authentication command execution vulnerability.
The Actiontec C1000A modem has a hard-coded backdoor admin account.
This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as…
WordPress Duplicator Migration plugin version 1.2.28 suffers from a cross site scripting vulnerability.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an ActiveX buffer overflow vulnerability.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from a soft console remote buffer overflow vulnerability.
Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the…