Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities.
>> AUTHOR: deepcore
KNX management software ETS version 4.1.5 build 3246 suffers from a buffer overflow vulnerability that allows for remote code execution.
An independent vulnerability laboratory researcher discovered a remote sql injection web vulnerability in the official CIS Manager Content Management System.
The attached testcase crashes Window 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads and…
The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue,…
The 3D Vision service nvSCPAPISvr.exe installed as part of typical driver installations runs at Local System and has an insecure named pipe server. One of the commands in the server…
The attached poc crashes 32-bit Windows 7 with a screen resolution of 1024×768 and 32bit color depth. The crash occurs during a memmove operation while copying the cursor content from…
SAP Sybase Adaptive Server Enterprise XML External Entity Information Disclosure Vulnerability