http://www.chainatpao.go.th/images/funk.gif notified by Imam   Read the rest of the entry...

This paper and proof of concept describes the Wiederganger-Attack, a new attack vector that reliably allows to escalate unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.   Read the rest of the entry...

WebKit JIT int32/double arrays can have proxy objects in the prototype chains.   Read the rest of the entry...

Linux userfaultfd bypasses tmpfs file permissions.   Read the rest of the entry...

PrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.   Read the rest of the entry...

LanSpy version 2.0.1.159 suffers from a local buffer overflow vulnerability.   Read the rest of the entry...

SmartFTP Client version 9.0.2623.0 suffers from a denial of service vulnerability.   Read the rest of the entry...

Alumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.   Read the rest of the entry...

Tourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.   Read the rest of the entry...

PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.   Read the rest of the entry...