List of latest published vulnerabilities.

Exploit-DB

• [local] CentOS 7.6 - 'ptrace_scope' Privilege Escalation June 14, 2019
  CentOS 7.6 - 'ptrace_scope' Privilege Escalation
• [papers] Active Directory Enumeration with PowerShell June 14, 2019
  Active Directory Enumeration with PowerShell
• [local] Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow June 14, 2019
  Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow
• [webapps] Sitecore 8.x - Deserialization Remote Code Execution June 13, 2019
  Sitecore 8.x - Deserialization Remote Code Execution
• [local] Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation June 13, 2019
  Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
• [webapps] FusionPBX 4.4.3 - Remote Command Execution June 12, 2019
  FusionPBX 4.4.3 - Remote Command Execution
• [papers] LDAP Swiss Army Knife June 12, 2019
  LDAP Swiss Army Knife
• [local] ProShow 9.0.3797 - Local Privilege Escalation June 11, 2019
  ProShow 9.0.3797 - Local Privilege Escalation
• [webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution June 11, 2019
  WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
• [webapps] phpMyAdmin 4.8 - Cross-Site Request Forgery June 11, 2019
  phpMyAdmin 4.8 - Cross-Site Request Forgery

National Vulnerability Database

• CVE-2019-12855 June 16, 2019
  In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
• CVE-2013-7472 June 15, 2019
  The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
• CVE-2019-12839 June 15, 2019
  In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
• CVE-2019-12840 June 15, 2019
  In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
• CVE-2019-12835 June 15, 2019
  formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
• CVE-2019-12831 June 15, 2019
  In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to […]
• CVE-2019-12830 June 15, 2019
  In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
• CVE-2019-12829 June 15, 2019
  radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.
• CVE-2019-12816 June 15, 2019
  Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
• CVE-2019-9842 June 14, 2019
  madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.