Linux 4.4 suffers from a use-after-free vulnerability in double-fdput().
>> CATEGORY: exploit
Local privilege escalation exploit for Qualcomm’s Secure Execution Environment (QSEE) that leverages PRDiag* commands.
WordPress Export to Ghost suffers from an unrestricted export download vulnerability.
access.redhat.com suffered from a cross site scripting vulnerability.
WordPress Advanced Custom Fields plugin version 4.4.7 suffers from a cross site scripting vulnerability.
Acunetix WVS 10 remote command execution exploit that gains SYSTEM privileges.
Multiple crashes exist in the ASAN build of Wireshark due to a static out-of-bounds memory read while accessing ett_zbee_zcl_pwr_prof_enphases.
An assertion failure has been discovered in alloc_address_wmem in the ASAN build of Wireshark.
The included proof of concept causes a crash due to a stack-based buffer overflow in Wireshark in dissect_2008_16_security_4.
This archive contains all of the 144 exploits added to Packet Storm in April, 2016.