AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.

macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.

macOS and iOS suffers from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().

macOS and iOS have a vulnerability with ImageIO where memory safety issues occur when processing OpenEXR images.

ProficySCADA for iOS version 5.0.25920 suffers from a denial of service vulnerability.

AirDisk Pro version 5.5.3 for iOS suffers from multiple persistent cross site scripting vulnerabilities.

School ERP Pro version 1.0 suffers from an arbitrary file read vulnerability.

272 bytes small Linux/x86_64 null free password protected bindshell shellcode.

AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.

Symantec Endpoint Protection versions 14.2.5323.2000, 14.2.5569.2100, and 14.2.5587.2100 suffer from a race condition vulnerability.

Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.

FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.

With Windows 2000 Microsoft introduced the inheritance of access rights and new Win32-API functions like SetNamedSecurityInfo() which handle the inheritance. SetNamedSecurityInfo() but has a serious bug: it applies inheritable ACEs from a PARENT object to a target object even if it must not do so, indicated by the flags SE_DACL_PROTECTED and/or SE_SACL_PROTECTED in the security descriptor of the target object.

HP ThinPro versions 7.1, 7.0, 6.2.1, and 6.2 suffer from an application filter bypass vulnerability.