List of latest published vulnerabilities.

Exploit-DB

• [local] Torrent 3GP Converter 1.51 - Stack Overflow (SEH) January 27, 2020
  Torrent 3GP Converter 1.51 - Stack Overflow (SEH)
• [webapps] OLK Web Store 2020 - Cross-Site Request Forgery January 24, 2020
  OLK Web Store 2020 - Cross-Site Request Forgery
• [webapps] Genexis Platinum-4410 2.1 - Authentication Bypass January 24, 2020
  Genexis Platinum-4410 2.1 - Authentication Bypass
• [webapps] TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot January 24, 2020
  TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
• [webapps] Webtareas 2.0 - 'id' SQL Injection January 24, 2020
  Webtareas 2.0 - 'id' SQL Injection
• [dos] Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) January 23, 2020
  Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
• [local] Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit) January 23, 2020
  Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)
• [webapps] qdPM 9.1 - Remote Code Execution January 23, 2020
  qdPM 9.1 - Remote Code Execution
• [dos] BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC) January 23, 2020
  BOOTP Turbo 2.0 - Denial of Service (SEH)(PoC)
• [remote] Pachev FTP Server 1.0 - Path Traversal January 23, 2020
  Pachev FTP Server 1.0 - Path Traversal

National Vulnerability Database

• CVE-2019-17103 January 27, 2020
  An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0.
• CVE-2020-8009 January 27, 2020
  AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file.
• CVE-2019-17102 January 27, 2020
  An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
• CVE-2019-17100 January 27, 2020
  An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69.
• CVE-2017-16112 January 27, 2020
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-15010. Reason: This candidate is a reservation duplicate of CVE-2017-15010. Notes: All CVE users should reference CVE-2017-15010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
• CVE-2020-5521 January 27, 2020
  The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• CVE-2020-5522 January 27, 2020
  The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
• CVE-2017-14807 January 27, 2020
  An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.
• CVE-2019-6036 January 27, 2020
  Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• CVE-2020-5520 January 27, 2020
  The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.