Mac OS and iOS kernels suffer from a memory corruption vulnerability due to a userspace pointer being used as a length.
>> CATEGORY: exploit
HTTP_Upload version 1.0.0b3 fails to appropriately take into consideration more than file extensions when mitigating malicious file uploads, allowing for remote code execution.
Cisco WebEx version 1.0.5 suffers from a new arbitrary command execution vulnerability via a module whitelist bypass.
Mac OS / iOS kernels suffers from a use-after-free due to a lack of locking in host_self_trap.
Android suffers from a KASLR bypass in pm_qos.
Web Based TimeSheet Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
PHPback versions prior to 1.3.1 suffer from cross site scripting and remote SQL injection vulnerabilities.
Man-db version 2.6.7.1 suffers from a privilege escalation vulnerability.
GNU Screen version 4.5.0 suffers from a local privilege escalation vulnerability.
This Metasploit module affects Geutebrueck GCore versions 1.3.8.42 and 1.4.2.37, which suffer from a remote code execution vulnerability.