The HP System Event service “HPMSGSVC.exe” will load an arbitrary EXE and execute it with SYSTEM integrity. HPMSGSVC.exe runs a background process that delivers push notifications. The problem is that the HP Message Service will load and execute any arbitrary executable named “Program.exe” if it is found in the user’s c: drive.
WordPress Wordfence plugin version 7.4.5 suffers from a file disclosure vulnerability.
WordPress Tutor plugin version 1.5.3 suffers from a local file inclusion vulnerability.
The Samsung kernel has logic bug and locking issues in PROCA that can lead to use-after-free and double-free issues from an application’s context.
Samsung suffers from a use-after-free vulnerability due to a missing lock in the SEND_FILE_WITH_HEADER handler in f_mtp_samsung.c.
PANDORAFMS 7.0 – Authenticated Remote Code Execution
Tags:
0day,
remote exploit
OpenTFTP 1.66 – Local Privilege Escalation
Tags:
0day,
remote exploit
WordPress Plugin tutor.1.5.3 – Local File Inclusion
Tags:
0day,
remote exploit
WordPress Plugin tutor.1.5.3 – Persistent Cross-Site Scripting
Tags:
0day,
remote exploit
Torrent iPod Video Converter version 1.51 suffers from a stack overflow vulnerability.