An independent vulnerability laboratory researcher discovered a filter bypass and persistent vulnerability in the official Trend Micro DirectPass web-application.
>> AUTHOR: deepcore
An independent vulnerability laboratory research group discovered a sql injection web vulnerability in the official New Era Company content management system (2016-Q1).
Secure Item Hub version 1.0 suffers from input validation, code execution, and remote file upload vulnerabilities.
This proof of concept demonstrates the Android Libstagefright heap buffer overflow that occurs due to an integer overflow in MP3 ID3 tag parsing.
Opening userclient type 12 of IOSCSIPeripheralDeviceType00 leads to an exploitable kernel NULL dereference.
The iOS kernel suffers from a use-after-free vulnerability in AppleOscarCompass.
Wireshark suffers from a heap-based out-of-bounds read in Nettrace_3gpp_32_423_file_open.
Kleefa version 1.7 suffers from cross site scripting and remote SQL injection vulnerabilities.
The _ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run the mig tool on device.defs you can see the source of the kernel-side…