>> CATEGORY: exploit

SC version 7.16 suffers from a stack-based buffer overflow vulnerability.

Chromium suffers from an issue where calling mojo::WrapSharedMemoryHandle is insufficient to produce read-only descriptors for IPC.

Chromium suffers from an information disclosure vulnerability via the memory_instrumentation::mojom::Coordinator interface in the resource_coordinator service.

Prisma Industriale Checkweigher PrismaWEB version 1.21 suffers from a disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication.

SecurEnvoy SecurMail version 9.1.501 suffers from cross site request forgery, cross site scripting, insecure direct object reference, missing authentication and authorization, and path traversal vulnerabilities.

Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user’s cart.

Redaxo CMS Addon MyEvents version 2.2.1 suffers from a remote SQL injection vulnerability.

antMan version 0.9.0c suffers from an authentication bypass vulnerability.

This Metasploit module exploits the Eclipse Equinoxe OSGi (Open Service Gateway initiative) console fork command to execute arbitrary commands on the remote system..

WebLog Expert Web Server Enterprise version 9.4 suffers from a denial of service vulnerability.