>> CATEGORY: exploit

The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by abusing the drive letter symbolic…

This is a small python script that will enumerate through a list of targets and test their user agent for the shellshock vulnerability.

Callisto 821+R3 suffers from multiple cross site request forgery vulnerabilities.

ZTE ZXHN H108N version 3.3.0_MU suffers from a CWMP configuration disclosure vulnerability.

Cisco AnyConnect Secure Mobility Client version 3.1.08009 suffers from a privilege escalation vulnerability. The fix for CVE-2015-4211 is insufficient which allows a local application to elevate to local system through…

ManageEngine ServiceDesk Plus versions 9.1 build 9110 and below suffer from a path traversal vulnerability.

SourceBans version 1.4.11 suffers from a cross site scripting vulnerability.

Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.

WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.