Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
The Microsoft Windows kernel’s Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.
XNU suffers from a wild-read (and possible corruption) due to bad cast in stf_ioctl.
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist domains and/or change core Darktrace configuration.
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently performs whitelist check which can be bypassed to trigger an object injection. An attacker can leverage this to […]
This Metasploit module exploits a race condition vulnerability in Mac’s Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.