PaperCut NG/MG version 22.0.4 remote code execution exploit.
1539d637da722a1ee7e83cceb9ee205cf15d43f93160ae5fe247b21150b68f96
Sentry version 8.2.0 suffers from a remote code execution vulnerability.
249a158d8d8fa5fc36aa401e15b178e9c7c839ad3d347fa1790f3273f16a0db9
WordPress Survey and Poll plugin version 1.5.7.3 suffers from a remote SQL injection vulnerability.
129fb47ac28160addde015299133df4a0bd8911d83a61bdced0936ef548d2245
GitLab version 11.4.7 authenticated remote code execution exploit.
a366323b7d7d1eea7a69c2b0ccda38033cdfe86c919d53827d40042fd3be1f7d
TVT NVMS 1000 suffers from a directory traversal vulnerability.
2923a9669c7e61abeb52bfe3a242caed49ec5d9e3c54eb57d7fc565fcc5534ec
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
506feee71f53fac76413f6d8f5b4cad88bddee539003ffcdf0c54f19b9a741ec
sudo version 1.8.28 suffers from a security bypass vulnerability.
ec35a5c3501bc30592776b4e452cfc692b4f63c07d8cfcfbaac9a2658edd5f5a