QEMU version 2.10 suffers from an NBD server long export name stack buffer overflow vulnerability. This was introduced with commit f37708f6b8.
Synology StorageManager 5.2 Remote Command Execution
Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.
Asterisk 13.17.2~dfsg-2 Memory Exhaustion
Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.
Mac OS X Root Privilege Escalation
This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can log in as user “root”, leaving the password empty.
http://www.bantakhospital.go.th
http://www.bantakhospital.go.th notified by The WTJ
[local] macOS High Sierra – Root Privilege Escalation (Metasploit)
macOS High Sierra – Root Privilege Escalation (Metasploit)
[webapps] Jobs2Careers / Coroflot Clone – SQL Injection
Jobs2Careers / Coroflot Clone – SQL Injection
[dos] Linux Kernel – 'The Huge Dirty Cow' Overwriting The Huge Zero Page
Linux Kernel – ‘The Huge Dirty Cow’ Overwriting The Huge Zero Page
Android Gmail Attachment Download Directory Traversal
There is a directory traversal issue in attachment downloads in Gmail. For non-Gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written anywhere on the filesystem that the Gmail app can access.
HikVision Wi-Fi IP Camera Wireless Access Point State
HikVision Wi-Fi IP cameras come with a default SSID “davinci”, with a setting of no Wi-Fi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired Ethernet, then the Wi-Fi settings won’t be adjusted, and a rogue AP […]