>> ARCHIVE: 2019-01

CF Image Hosting Script version 1.6.5 suffers from a privilege escalation vulnerability.

WordPress MapSVG Lite plugin version 3.2.3 suffers from a cross site request forgery vulnerability.

Dolibarr ERP-CRM version 8.0.4 suffers from a remote SQL injection vulnerability.

Mantis version 2.11.1 suffers from a cross site scripting vulnerability.

ZenPhoto version 1.4.14 suffers from multiple cross site scripting vulnerabilities.

Microsoft Windows suffers from a privilege escalation vulnerability. The Data Sharing Service does not has a TOCTOU in PolicyChecker::CheckFilePermission resulting in an arbitrary file deletion.

Polkit suffers from a temporary auth hijacking vulnerability via PID reuse and a non-atomic fork.

Wireshark suffers from a get_t61_string heap out-of-bounds read vulnerability.

This Metasploit module exploits the command injection vulnerability of MailCleaner Community Edition product. An authenticated user can execute an operating system command under the context of the web server user…