XNU Missing Locking Race Condition
Posted by deepcore under exploit (No Respond)
XNU has an issue where missing locking in checkdirs_callback() enables a race condition with fchdir_common().
Archive for November, 2019
html5_snmp 1.11 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
html5_snmp version 1.11 suffers from a persistent cross site scripting vulnerability.
html5_snmp 1.11 SQL Injection
Posted by deepcore under exploit (No Respond)
html5_snmp version 1.11 suffers from a remote SQL injection vulnerability.
[webapps] Smartwares HOME easy 1.0.9 – Database Backup Information Disclosure
Posted by deepcore under Security (No Respond)
[webapps] Smartwares HOME easy 1.0.9 – Client-Side Authentication Bypass
Posted by deepcore under Security (No Respond)
[local] QNAP NetBak Replicator 4.5.6.0607 – 'QVssService' Unquoted Service Path
Posted by deepcore under Security (No Respond)
[local] Wacom WTabletService 6.6.7-3 – 'WTabletServicePro' Unquoted Service Path
Posted by deepcore under Security (No Respond)
Microsoft Office365 Integrity Validation / Remote Code Execution
Posted by deepcore under exploit (No Respond)
Microsoft Office365 suffers from an issue where auto-execution of macro-enabled office documents can be leveraged simply by the file having the same name as a prior document with permissions.
Launch Manager 6.1.7600.16385 Unquoted Service Path
Posted by deepcore under exploit (No Respond)
Launch Manager version 6.1.7600.16385 suffers from a DsiWMIService unquoted service path vulnerability.
Ayukov NFTP 1.71 Buffer Overflow
Posted by deepcore under exploit (No Respond)
Ayukov NFTP client version 1.71 suffers from a SYST buffer overflow vulnerability.
