>> CATEGORY: exploit

Backdoor.Win32.Delf.ps malware suffers from an information leakage vulnerability.

Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.

Message System version 1.0 suffers from a persistent cross site scripting vulnerability.

Message System version 1.0 suffers from a remote SQL injection vulnerability that can lead to remote code execution.

Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.

Spoofer version 1.4.6 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

EG Free AntiVirus version 2020 suffers from an unquoted service path vulnerability that can lead to privilege escalation.

Chrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.

IdeaRE RefTree versions prior to 2021.09.17 suffer from a remote shell upload vulnerability.