The IMemory interface in frameworks/native/libs/binder/IMemory.cpp, used primarily by the media services can be tricked to return arbitrary memory locations leading to information disclosure or memory corruption.
>> CATEGORY: exploit
Hikvision Digital Video Recorder versions LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, and DS-7204HVI-SH suffer from a cross site request forgery vulnerability.
AccelSite Content Manager version 1.0 suffers from a remote SQL injection vulnerability.
Monsta Box WebFTP suffers from an arbitrary file read vulnerability.
Apple Intel HD 3000 graphics driver version 10.0.0 suffers from a local privilege escalation vulnerability.
An independent vulnerability laboratory researcher discovered a remote sql-injection vulnerability in the official WordPress Multiple Meta Box v1.0 plugin.
An independent vulnerability laboratory researcher discovered multiple sql-injection vulnerabilities in the AccelSite Content Manager v1.0 Content Management System.
SIDU version 5.3 database web gui suffers from multiple cross site scripting vulnerabilities.
SIDU version 5.2 database web gui suffers from multiple cross site scripting vulnerabilities.
One change in Windows 8.1 from Windows 7 is the introduction of the console driver (condrv.sys) which is responsible for handling the management of consoles. It contains a method, CdpLaunchServerProcess…