Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

velBox version 1.2 suffers from an insecure cookie handling vulnerability.

Memorial Web Site Script suffers from password reset and insecure cookie handling vulnerabilities.

My Book suffers from an insecure cookie handling vulnerability.

xWeblog version 2.2 suffers from an insecure cookie handling vulnerability.

WikiWebHelp version 0.3.3 suffers from an insecure cookie handling vulnerability.

Babil CMS suffers from an insecure cookie handling vulnerability.

web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.

Paddelberg Topsite Script version 1.2.3 suffers from an authentication bypass vulnerability due to insecure cookie handling.

NICE Recording eXpress versions 6.0.x, 6.1.x, 6.2.x, 6.3.x, and 6.5.x suffer from cross site scripting, root backdoor, unauthenticated access, fail authorization, insecure cookie handling, and remote SQL injection vulnerabilities.

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This Metasploit module is tested against Windows 10 v1703 x86.

Microsoft Windows 7 Build 7601 (x86) local privilege escalation exploit.

Microsoft Windows suffers from an Internet Settings misconfiguration security feature bypass vulnerability. Versions affected include Windows 7 SP1, 8.0, 8.1 x86 and x64 with full patches up to July 2019.

Microsoft Windows 7 (x86) BlueKeep remote desktop protocol windows kernel use-after-free exploit.

The Plantronics Hub client application for Windows makes use of an automatic update service SpokesUpdateService.exe which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64). This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).

The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.pipeWindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on Windscribe versions 1.80 and 1.81 on Windows 7 SP1 (x64).

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

Debian Linux Security Advisory 4584-1 - Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.