Spidermonkey IonMonkey can, during a bailout, leak an internal JS_OPTIMIZED_OUT magic value to the running script. This magic value can then be used to achieve memory corruption.
EquityPandit version 1.0 suffers from a password disclosure vulnerability.
Petraware pTransformer ADC versions prior to 2.1.7.22827 suffer from a remote SQL injection vulnerability that allows for login bypass.
Phraseanet DAM versions prior to 4.0.7 suffer from a cross site scripting vulnerability.
VFront version 0.99.5 suffers from multiple reflective cross site scripting vulnerabilities.
VFront version 0.99.5 suffers from a persistent cross site scripting vulnerability.
Oracle Application Testing Suite – WebLogic Server Administration Console War Deployment (Metasploit)
Tags: 0day, remote exploitSpidermonkey – IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation
Tags: 0day, remote exploitQualcomm Android – Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
Tags: 0day, remote exploit