Microsoft Authorization Manager version 6.1.7601 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
>> CATEGORY: exploit
Alcatel Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
Microsoft Event Viewer version 1.0 suffers from an XML external entity (XXE) injection vulnerability that allows for file exfiltration.
Apache CouchDB sets weak file permissions potentially allowing ‘Standard’ Windows users to elevate privileges. The “nssm.exe” (Apache CouchDB) executable can be replaced by a ‘Standard’ non administrator user, allowing them…
Apache ActiveMQ versions 5.11.1 and 5.13.2 suffer from command execution and directory traversal vulnerabilities.
Xfinity Gateway suffers from a remote code execution vulnerability.
The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses port_index without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure.
Microsoft Edge has an information leak in JSON.parse. If this function is called with a reviver, and the reviver modifies the output object to contain a native array, the Walk…
Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code…
A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge.