Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.

Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.

PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.

rConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability.

Gentoo Linux Security Advisory 202003-38 - A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code. Versions less than 3.4.4 are affected.

rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.

This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.

Ubuntu Security Notice 4330-1 - It was discovered that PHP incorrectly handled certain file uploads. An attacker could possibly use this issue to cause a crash. It was discovered that PHP incorrectly handled certain PHAR archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.

QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

FreeBSD Security Advisory - Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

FreeBSD Security Advisory - The kernel driver for /dev/midistat implements a handler for read(2). This handler is not thread-safe, and a multi-threaded program can exploit races in the handler to cause it to copy out kernel memory outside the boundaries of midistat's data buffer. The races allow a program to read kernel memory within a 4GB window centered at midistat's data buffer. The buffer is allocated each time the device is opened, so an attacker is not limited to a static 4GB region of memory. On 32-bit platforms, an attempt to trigger the race may cause a page fault in kernel mode, leading to a panic.

FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.

Red Hat Security Advisory 2020-1131-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include an incorrect parsing vulnerability.

Red Hat Security Advisory 2020-1132-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages. Issues addressed include an incorrect parsing vulnerability.

Red Hat Security Advisory 2020-1324-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.

Ubuntu Security Notice 4333-1 - It was discovered that Python incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. It was discovered that Python incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial of service.

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.

MINIX versions 3.3.0 and below remote TCP/IP stack denial of service exploit that leverages a malformed TCP option.

Red Hat Security Advisory 2020-1636-01 - libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Issues addressed include a buffer overflow vulnerability.

Frigate version 3.36 SEH buffer overflow exploit that pops a calculator.

Weplab Win32 is a windows tool to review the security of WEP encryption in wireless networks from an educational point of view. Several attacks are available to help measure the effectiveness and minimum requirements necessary to succeed.

Remote Snort Back Orifice preprocessor overflow Metasploit exploit for Win32 targets. Exploits Snort versions 2.4.0 through 2.4.2. Tested against Snort 2.4.2 Binary with Windows XP Professional SP1/SP2, Windows Server 2003 SP1, Windows Server 2000 SP0, and Windows 2000 Professional SP0.

Technical Cyber Security Alert TA07-163A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

This Metasploit module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 throught 1.0.1 are reportedly affected. This vulnerability is only present in Win32 builds of VLC. This payload was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp was found not to work.

33 bytes small Win32 egg searching shellcode that should work on all service packs of Microsoft Windows XP, 2k, and 2k3.

52 bytes small Win32/XP SP3 windows magnifier shellcode.

56 bytes small Win32/XP SP3 shutdown windows shellcode with a 30 second timer.

Whale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

CentOS Control Web Panel version 0.9.8.836 suffers from a privilege escalation vulnerability.

CentOS Control Web Panel version 0.9.8.836 suffers from an authentication bypass vulnerability.

CentOS Control Web Panel version 0.9.8.838 suffers from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a persistent cross site scripting vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability.

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).