Install.framework has a suid root binary at /System/Library/PrivateFrameworks/Install.framework/Resources/runner that allows for arbitrary mkdir, unlink, and chown.
>> ARCHIVE: 2015-09
The private Install.framework has a few helper executables in /System/Library/PrivateFrameworks/Install.framework/Resources, one of which is suid root and exploitable.
Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability.
The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same time. By connecting two…
Openfire version 3.10.2 suffers from a cross site request forgery vulnerability.
IKEView.exe is vulnerable to a local stack-based buffer overflow when parsing a malicious (Internet Key Exchange) “.elg” file. The vulnerability causes nSEH & SEH pointer overwrites at 4432 bytes after IKEView…
NC220 and NC200 utilize hard-coded credentials within their Linux distribution image. These sets of credentials (root:root) are never exposed to the end-user and cannot be changed through any normal operation…
Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 2.2.4.
This Metasploit module exploits a vulnerability in Windows Media Center. By supplying a UNC path in the *.mcl file, a remote file will be automatically downloaded, which can result in…
Openfire version 3.10.2 suffers from multiple persistent and reflective cross site scripting vulnerabilities.