KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence, KVM instruction emulation can access memory through stale translations when the guest kernel thinks it has flushed all cached translations. This could potentially be used by unprivileged userspace inside a guest to […]
AeroCMS 0.0.1 SQL Injection
AeroCMS version 0.0.1 suffers from a remote SQL injection vulnerability.
http://ss-muni.go.th/index.php
http://ss-muni.go.th/index.php notified by ./Niz4r
http://tambonbansong.go.th/index.php
http://tambonbansong.go.th/index.php notified by ./Niz4r
http://www.khokyanglocal.go.th/index.php
http://www.khokyanglocal.go.th/index.php notified by ./Niz4r
http://donmuang-local.go.th/index.php
http://donmuang-local.go.th/index.php notified by ./Niz4r
Xalan-J XSLTC Integer Truncation
The Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
http://www.sungnoenabt.go.th/read.html
http://www.sungnoenabt.go.th/read.html notified by ./Niz4r
Zimbra Zip Path Traversal
This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra Collaboration Suite’s ZIP implementation that can result in the extraction of an […]
Arm Mali CSF VMA Split Mishandling
In the Arm Mali driver’s handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back to the kernel’s page allocator while it is still mapped into userspace. On devices with recent Mali GPUs that support CSF, this is a security bug that should be very straightforward to […]