Archive for January, 2017

Mac OS / iOS host_self_trap Use-After-Free

Posted by deepcore under exploit (No Respond)

Mac OS / iOS kernels suffer from a use-after-free due to a lack of locking in host_self_trap.

Android pm_qos KASLR Bypass

Posted by deepcore under exploit (No Respond)

Android suffers from a KASLR bypass in pm_qos.

Web Based TimeSheet Script SQL Injection

Posted by deepcore under exploit (No Respond)

Web Based TimeSheet Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.

PHPback Cross Site Scripting / SQL Injection

Posted by deepcore under exploit (No Respond)

PHPback versions prior to 1.3.1 suffer from cross site scripting and remote SQL injection vulnerabilities.

Man-db 2.6.7.1 Privilege Escalation

Posted by deepcore under exploit (No Respond)

Man-db version 2.6.7.1 suffers from a privilege escalation vulnerability.

GNU Screen 4.5.0 Privilege Escalation

Posted by deepcore under exploit (No Respond)

GNU Screen version 4.5.0 suffers from a local privilege escalation vulnerability.

Geutebrueck GCore 1.3.8.42 / 1.4.2.37 Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module affects Geutebrueck GCore versions 1.3.8.42 and 1.4.2.37, which suffer from a remote code execution vulnerability.

Haraka Remote Command Execution

Posted by deepcore under exploit (No Respond)

Haraka versions prior to 2.8.9 suffer from a remote command execution vulnerability.

Autodesk Backburner Manager 3 Denial Of Service

Posted by deepcore under exploit (No Respond)

Autodesk Backburner Manager 3 versions prior to 2016.0.0.2150 suffer from a null dereference denial of service vulnerability.

Polycom VVX Web Interface Privilege Escalation

Posted by deepcore under exploit (No Respond)

The Polycom VVX web interface allows a user to change an admin’s password.