>> ARCHIVE: 2019-02

This archive contains all of the 327 exploits added to Packet Storm in January, 2019.

…

Joomla Rokin RokGallery component version 3.2.6 suffers from a remote SQL injection vulnerability.

Joomla SimplestForum component version 1.5 suffers from a remote SQL injection vulnerability.

Joomla XMap component version 2.3.0 suffers from database disclosure and remote SQL injection vulnerabilities.

Joomla Zoo by YooTheme component version 3.3.10 suffers from database disclosure and remote SQL injection vulnerabilities.

libxpc on MacOS version 10.14.1 suffers from an arbitrary mach port name deallocation in XPC services due to invalid mach message parsing in _xpc_serializer_unpack.

iOS and MacOS suffers from sandbox escape vulnerabilities due to type confusions and memory safety issues in iohideventsystem.

XNU suffers from a copy-on-write behavior bypass via partial-page truncation of file.

XNU vm_map_copy optimization which requires atomicity is not atomic. This violates the semantics of mach message OOL memory, and leads to TOCTOU issues which can lead to memory corruption.