macOS and iOS suffer from an ImageIO out-of-bounds read when processing PVR images.

macOS and iOS suffers from an out-of-bounds timestamp write in IOAccelCommandQueue2::processSegmentKernelCommand().

This Metasploit module exploits a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro version 1.2.4.

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

Citrix Application Delivery Controller and Citrix Gateway directory traversal remote code execution exploit.

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability.

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

CuteNews version 1.4.6 suffers from an insecure cookie handling vulnerability.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.

Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit.