The Intel Content Protection HECI Service exposes a DCOM object to all users and most sandboxes (such as Edge LPAC and Chrome GPU). It has a type confusion vulnerability which…
>> CATEGORY: exploit
BrightSign Digital Signage suffers from cross site scripting, directory traversal, and file upload vulnerabilities.
Joomla! NextGen Editor component version 2.1.0 suffers from a remote SQL injection vulnerability.
The nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking if the destination buffer is long enough…
WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this…
WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.
There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is…