>> ARCHIVE: 2018-05

macOS/iOS ReportCrash suffers from a mach port replacement due to failure to respect MIG ownership rules.

macOS suffers from a double mach_port_deallocate in kextd due to failure to comply with MIG ownership rules.

Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities.

ASUSTOR ADM versions 3.1.0.RFQ3 and below chained exploit that leverages stored cross site scripting, cross site request forgery, path traversal, and file upload vulnerabilities.

Flexense SyncBreeze versions 10.1 through 10.7 suffer from a cross site scripting vulnerability.

Flexense DiskPulse versions 10.1 through 10.7 suffer from a cross site scripting vulnerability.

WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities.

Peel Shopping Cart version 9.0.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

This archive contains all of the 181 exploits added to Packet Storm in April, 2018.

Easy MPEG to DVD Burner version 1.7.11 local buffer overflow SEH exploit.