Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.

QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.

Edimax EW-7438RPn suffers from a cross site request forgery vulnerability.

Complaint Management System version 4.2 suffers from a cross site request forgery vulnerability.

Maian Support Helpdesk version 4.3 suffers from a cross site request forgery vulnerability.

Apache OFBiz version 17.12.03 suffers from a cross site request forgery vulnerability.

Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.

QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

FreeBSD Security Advisory - System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. A local user can use this flaw to obtain access to files, directories, sockets, etc., opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system.

Local root exploit for the FreeBSD mqueuefs vulnerability as disclosed in FreeBSD-SA-19:15.mqueuefs.

Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts local accounts NT/LM hashes and history, domain accounts NT/LM hashes and history, cached domain password, and Bitlocker recovery information.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability.

CentOS Webpanel version 7 suffers from a remote SQL injection vulnerability.

Django version 3.0 suffers from a cross site request forgery token bypass vulnerability.

QRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability.

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

Tiny MySQL suffers from a cross site scripting vulnerability.

This whitepaper provides an overview of the MQTT protocol. MQTT is a is an open OASIS and ISO standard (ISO/IEC PRF 20922) lightweight, simple machine to machine TCP/IP based protocol which can be used for communication between IoT devices.

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.

QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.

IQrouter firmware version 3.3.1 suffers from a remote code execution vulnerability.

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

Snare for Squid provides a remote distribution facility for Squid proxy server logs, and is known to run on most Unix variations, including Linux, Solaris, AIX, Tru64, and Irix. Snare for Squid can be used to send data to either a remote or local SYSLOG server, or the Snare Server for centralized collection, analysis, and archival.

Sites designed by IRIX suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.