Ubiquiti UniFi AP AC Lite 5.2.7 Improper Access Control

Ubiquiti UniFi AP AC Lite version 5.2.7 allows for direct modification of the database with no authentication.

CompTIA Information Disclosure

The CompTIA ticketing system allows for personal information disclosure to anyone who simply knows someone’s email address.

Joomla DVFolderContent 1.0.2 Local File Disclosure

Joomla DVFolderContent module version 1.0.2 suffers from a local file disclosure vulnerability.

Android Pointer Leak

Android suffers from a pointer leak via insufficient binder message verification.

Adobe Flash MP4 Processing Overflow

Adobe Flash suffers from an overflow vulnerability when processing MP4 files.

Adobe Flash AVC Slice Decoding Crash

Adobe Flash suffers from an AVC slice decoding crash.

Ghostscript -dSAFER Not Working

The Ghostscript -dSAFER parameter, which is used when handling untrusted documents, appears broken on multiple distributions. This could result in arbitrary file disclosure on systems that process PDF or PS files, or that use ImageMagick, GraphicsMagick, etc.

Packet Storm New Exploits For September, 2016

This archive contains all of the 178 exploits added to Packet Storm in September, 2016.

Windows Capcom.sys Kernel Execution Exploit (x64 only)

This Metasploit module abuses the Capcom.sys kernel driver’s function that allows for an arbitrary function to be executed in the kernel from user land. This function purposely disables SMEP prior to invoking a function given by the caller. This has been tested on Windows 7 x64.