ZDI-24-806: (0Day) Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
ZDI-24-805: (0Day) Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The...
ZDI-24-804: Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code...
ZDI-24-803: Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability
This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged...
ZDI-24-802: (0Day) Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged...
DSA-5714-1 roundcube – security update
Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike, discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did...
DSA-5715-1 composer – security update
Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories....
kitty-0.35.1-4.fc40
FEDORA-2024-15039ba9f9 Packages in this update: kitty-0.35.1-4.fc40 Update description: rebuild for rhbz#2292712 Read More
Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
Posted by Andrey Stoykov on Jun 15 # Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 # Date: 6/2024 # Exploit Author: Andrey...
DSA-5713-1 libndp – security update
A buffer overflow was discovered in libndp, a library implementing the IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of service or potentially...