Linux VMA Use-After-Free
Posted by deepcore under exploit (No Respond)
Linux suffers from a VMA use-after-free vulnerability via a buggy vmacache_flush_all() fastpath.
Archive for September, 2018
TransMac 12.2 Denial Of Service
Posted by deepcore under exploit (No Respond)
TransMac version 12.2 suffers from a denial of service vulnerability.
CrossFont 7.5 Denial Of Service
Posted by deepcore under exploit (No Respond)
CrossFont version 7.5 suffers from a denial of service vulnerability.
tekno.Portal 0.1b Cross Site Scripting
Posted by deepcore under exploit (No Respond)
tekno.Portal version 0.1b suffers from a cross site scripting vulnerability.
Linux create_elf_tables() Integer Overflow
Posted by deepcore under exploit (No Respond)
Linux suffers from an integer overflow vulnerability in create_elf_tables(). Multiple exploits provided.
WordPress WP Insert 2.4.2 Arbitrary File Upload
Posted by deepcore under exploit (No Respond)
WordPress WP Insert plugin versions 2.4.2 and below suffer from a remote file upload vulnerability.
Progress Kendo UI Editor 2018.1.221 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Progress Kendo UI Editor version 2018.1.221 suffers from a persistent cross site scripting vulnerability.
Citrix StorageZones Controller Improper Access Restrictions / Traversal
Posted by deepcore under exploit (No Respond)
Citrix StorageZones Controller versions prior to 5.4.2 suffer from padding oracle, improper access restriction, and path traversal vulnerabilities.
CMS ISWEB 3.5.3 SQL Injection
Posted by deepcore under exploit (No Respond)
CMS ISWEB version 3.5.3 suffers from a remote SQL injection vulnerability.
[webapps] ManageEngine Desktop Central 10.0.271 – Cross-Site Scripting
Posted by deepcore under Security (No Respond)