SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross-site scripting vulnerability.
>> CATEGORY: exploit
This Metasploit module exploits an arbitrary file download vulnerability in the DarkComet C&C server versions 3.2 and up. The exploit does not need to know the password chosen for the…
SSHC version 5.0 is susceptible to an encrypted database content theft vulnerability.
An independent vulnerability laboratory researcher discovered a remote SQL injection web vulnerability in the official Mutualaid CMS v4.3.1 content management system.
CMS Elevel version 1.0 suffers from cross-site scripting and remote SQL injection vulnerabilities.
WordPress Premium SEO Pack plugin version 1.9.1.3 wp_options overwrite exploit.
dbdiff suffers from a cross-site scripting vulnerability.
It is possible to bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on disk even in a sandbox.
gdi32.dll in Microsoft Windows suffers from a heap-based out-of-bounds reads / memory disclosure vulnerability in multiple DIB-related EMF record handlers.
The Adobe Type Manager Font Driver (ATMFD.DLL) responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape…