2021.09.28

Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.


2021.09.28

Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.


2021.09.28

Zero day exploit for Nehelper Wifi Info on iOS 15.0. The XPC endpoint com.apple.nehelper accepts a user-supplied parameter, sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. one possessing location access authorization) to gain access to Wi-Fi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.


2021.09.28

Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2)


2021.09.28

WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS)


2021.09.28

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – ‘Add Admin’ Cross-Site Request Forgery (CSRF)


2021.09.28

WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)


2021.09.28

WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS)


2021.09.28

WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)


2021.09.28

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Hidden Backdoor Account (Write Access)
