Horde Groupware Webmail contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. Exploitation requires the Turba subcomponent to be installed. This module was tested on Horde versions 5.2.22 and 5.2.17 running Horde Form subcomponent versions prior to 2.0.19.
612b3d1040426906f9ecf9282768acae87d4201e1009859a877feab335c41aa4
Stegano is a basic Python steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integer sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
02d50fafa7afa15affc9d2a910ba52a7906c1a7771884976926c3e1e9b326884
Chrome suffers from a use-after-free vulnerability in FileChooserImpl.
0ecbde145d35a4fdef837ba560c9160db3335f5c84f0365d90e9552d8eb3e971
Debian Linux Security Advisory 4429-1 - It was discovered that SPIP, a website engine for publishing, did not properly sanitize its user input. This would allow an authenticated user to perform arbitrary command execution.
4c8e164f2c1b3ed2602c6336b4f61fec545fefae033805137757f62795649cc6
Red Hat Security Advisory 2019-0737-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.171. Issues addressed include code execution and information leakage vulnerabilities.
f8314d3afe67ae77cfd388e36a385495c1ea0e964e066f3808b2c2fec28ec1af
Ubuntu Security Notice 3937-2 - USN-3937-1 and USN-3627-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 12.04 ESM. Simon Kappel discovered that the Apache HTTP Server mod_auth_digest module incorrectly handled threads. A remote attacker with valid credentials could possibly use this issue to authenticate using another username, bypassing access control restrictions. Various other issues were also addressed.
84ba48eb8961200abc8d263519dda08492c73f9a414994b448a649f3e2f95cc6
YiiCMS JetBrains PHPStorm version 6.0.3 suffers from a database disclosure vulnerability.
6796f35e6f9d3cb976e4ec479d154a909d63e78d55737e9f48fd348dc93ea559
Themosis Framework BookStore version 1.3.0 suffers from a database disclosure vulnerability.
e7d984dd83585e36817afdb40e14758be22454ca6afbe461ecaf3131117f5d2c
NekoCMS version 2.5 suffers from a database disclosure vulnerability.
cd468aaec923d430810ed0967307205d9e760270d7e73b6ab5f346d91256bd9d
FTPShell Server version 6.83 "Account name to ban" local buffer overflow exploit.
0103d38b2c7038d9675cec12825180d27cb3877000d5630b501b92e494d707f8
FTPShell Server version 6.83 "Virtual Path Mapping" local buffer overflow exploit.
b248948dec16aaf4914136ef9f42d2199554d52e55dbc3162d171fc4450663a4
D-Link DI-524 version 2.06RU suffers from a cross-site scripting vulnerability.
94a6f0876dbfb6cb3eb82db104d083f62cf4504bbc57680ce733218f87d09cfb
Dell KACE Systems Management Appliance (K1000) version 6.4.120756 unauthenticated remote code execution exploit.
3eb5dff93e50fbe23fbc7494f2ff3a530986ae8dffc834f971baafeb16a34e1a
Microsoft Windows AppX deployment service privilege escalation exploit.
1460b5312b5682cc658f0829b40c8e8711a2d4883539bf45739ebf57d5a634a3
Apache Axis version 1.4 suffers from a remote code execution vulnerability.
43fdbd4445757874d097a1fddc91c93ec8a4d38cfb81f1581551cc008f2f8b94