Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points.
Drupal is prone to an OS command injection vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the Form API Ajax Requests.
IBM Informix Open Admin Tool is vulnerable to an unauthenticated php remote code execution, allowing attackers to execute arbitrary php code in the system.
Symantec Messaging Gateway is prone to an Authentication Bypass vulnerability that allows attackers to take advantage of an improper validation of user-supplied data in the RestoreAction.performRestore method.
An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
An attacker can leverage this vulnerability to execute arbitrary code in the context of root.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre
This module performs a local check in order to detect if the target is vulnerable to CVE 2017-5154 (aka Meltdown).
This update adds Windows support.
This update adds Windows support.
This module exploits a race condition vulnerability in the Linux Kernel via MAP_PRIVATE COW.
The bug relies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
This update improves the post-escalation execution.
The bug relies in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
This update improves the post-escalation execution.
The waitid implementation in upstream kernels did not restrict the target destination to copy information results. This can allow local users to write to otherwise protected kernel memory, which can lead to privilege escalation.
This update fixes the way non-vulnerable targets are handled
This update fixes the way non-vulnerable targets are handled
Embedthis GoAhead before 3.6.5 and after 2.5.0 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
This module performs a local check in order to detect if the target is vulnerable to CVE 2017-5154 (aka Meltdown).