Concrete CMS version 9.1.3 suffers from an XPATH injection vulnerability.
Remote Control Collection Remote Code Execution
This Metasploit module utilizes the Remote Control Server’s protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and found to be affected at the time the module was written.
vBulletin 5.5.2 PHP Object Injection
vBulletin versions 5.5.2 and below suffer from an issue where user input passed through the “messageids” request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry […]
http://r10.ldd.go.th/0x.html
http://r10.ldd.go.th/0x.html notified by UnM@SK
XNU Dangling PTE Entry
XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.
XNU vm_object Use-After-Free
XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.
Chrome blink::LocalFrameView::PerformLayout Use-After-Free
Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.
Sanitization Management System 1.0 SQL Injection
Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.
Helmet Store Showroom 1.0 SQL Injection
Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.
Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL
Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.