Zurmo version 3.2.6 suffers from a persistent cross-site scripting vulnerability.
78dd4cf9cac1ce59afb343a7d09687c57a8237d03c13a57ddf725f905d8fdbfe
Zurmo version 3.2.6 suffers from an iframe injection vulnerability.
be149ee47f765fcce8f2b2994d34e9eaee177b91190c25d3cb463249050e9ac7
Zurmo version 3.2.6 suffers from an open redirection vulnerability.
8b719a489c483b76d9ccc18497e929ce77707eb873424068907ff05ba6b03807
Zurmo version 3.2.6 suffers from an out-of-band code evaluation vulnerability.
7c3e153c94a1ce42cab8549f0468f88ce426261b7a57e8d156c769fa02e84043
Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked into installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the address bar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked into downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.
9573711ae77b9f804c17bb7d87e64c1ac94e7240fc30836a442eedef386d1b66
Ahsay Backup versions 7.x through 8.1.1.50 suffer from an XML external entity injection vulnerability.
dd8c01c9f85afcf5145302b1adfc9557936417386490d477aa5caa61b6d6728b
This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. Credentials are needed to execute the upload successfully; trial accounts are enabled by default on Ahsay Backup, so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw, all connected clients can be configured to execute a command before the backup starts, allowing an attacker to take over even more systems and make it rain shells!
83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49
Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.
8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421
Ubuntu Security Notice 4075-1 - Jeremy Harris discovered that Exim incorrectly handled sort expansions. In environments where sort expansions are used, a remote attacker could possibly use this issue to execute arbitrary code as root.
af9a5c43a6ba001d6f9f739c96c14a1101ba928e6aaf880efbaa5758c3abbddc
Red Hat Security Advisory 2019-1860-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include buffer overflow and code execution vulnerabilities.
92cb9170061d200be1f9a585a697be5ef625c327ae3d702c2440eeabc521f848
pdfresurrect version 0.15 suffers from a buffer overflow vulnerability.
6573e21a72fbf0b36261b1749b306359e3b8af17322ae8b0324340888de8e1f4
Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability.
9e99304545fd9a554cb40ac8cb40e946e4c7484cbdb93f93a8b78d93ab0d1bce
Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.
48d06e50b882f363ce29fb915222dd7ed84f617e38b68912b67b47eacf8f0564
iMessage suffers from an out-of-bounds read vulnerability in DigitalTouch tap message processing.
43c0de1b0e61b238665de50f7e836ad89cf87bcb0d36b06a11a92a974125f5c3
WebKit suffers from a universal cross-site scripting vulnerability due to synchronous page loads.
96f6f97eb65f02184266b09e95ea13a191470ecb65a4f697ed07cd10157d7b04