Archive for August, 2022

Linux KVM Instruction Emulation Issue

Posted by deepcore under exploit (No Respond)

KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence, KVM instruction emulation can access memory through stale translations when the guest kernel thinks it has flushed all cached translations. This could potentially be used by unprivileged userspace inside a guest to […]

AeroCMS 0.0.1 SQL Injection

Posted by deepcore under exploit (No Respond)

AeroCMS version 0.0.1 suffers from a remote SQL injection vulnerability.

http://ss-muni.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://ss-muni.go.th/index.php notified by ./Niz4r

http://tambonbansong.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://tambonbansong.go.th/index.php notified by ./Niz4r

http://www.khokyanglocal.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://www.khokyanglocal.go.th/index.php notified by ./Niz4r

http://donmuang-local.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://donmuang-local.go.th/index.php notified by ./Niz4r

Xalan-J XSLTC Integer Truncation

Posted by deepcore under exploit (No Respond)

The Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

http://www.sungnoenabt.go.th/read.html

Posted by deepcore under defacement (No Respond)

http://www.sungnoenabt.go.th/read.html notified by ./Niz4r

Zimbra Zip Path Traversal

Posted by deepcore under exploit (No Respond)

This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra Collaboration Suite’s ZIP implementation that can result in the extraction of an […]

Arm Mali CSF VMA Split Mishandling

Posted by deepcore under exploit (No Respond)

In the Arm Mali driver’s handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back to the kernel’s page allocator while it is still mapped into userspace. On devices with recent Mali GPUs that support CSF, this is a security bug that should be very straightforward to […]