:: Deepquest ::

Concrete CMS version 9.1.3 suffers from an XPATH injection vulnerability.

This Metasploit module utilizes the Remote Control Server’s protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected at the time of the module writing.

vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the “messageids” request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry […]

http://r10.ldd.go.th/0x.html notified by UnM@SK

XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.

XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.