Archive for September, 2018

Staubli Jacquard Industrial System JC6 Shellshock

Posted by deepcore under exploit (No Respond)

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

Antidote 9.5.1 Code Execution

Posted by deepcore under exploit (No Respond)

Antidote versions 9.5.1 and below suffer from an update-related code execution vulnerability.

MyBB Visual Editor 1.8.18 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation

Posted by deepcore under exploit (No Respond)

On vulnerable versions of Windows, the ALPC endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to […]

NICO-FTP 3.0.1.19 Buffer Overflow

Posted by deepcore under exploit (No Respond)

NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.

WebRTC FEC Out-Of-Bounds Read

Posted by deepcore under exploit (No Respond)

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

WebRTC VP9 Processing Use-After-Free

Posted by deepcore under exploit (No Respond)

There is a use-after-free vulnerability in VP9 processing in WebRTC.

[webapps] Collectric CMU 1.0 – 'lang' SQL injection

Posted by deepcore under Security (No Respond)

Collectric CMU 1.0 – ‘lang’ SQL injection


[dos] WebRTC – VP9 Processing Use-After-Free

Posted by deepcore under Security (No Respond)

WebRTC – VP9 Processing Use-After-Free


[dos] WebRTC – FEC Out-of-Bounds Read

Posted by deepcore under Security (No Respond)

WebRTC – FEC Out-of-Bounds Read
