>> CATEGORY: exploit

This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces…

Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.

SpotFTP-FTP Password Recover version 2.4.8 suffers from a denial of service vulnerability.

WordPress WooCommerce CardGate Payment Gateway plugin version 3.1.15 suffers from a payment process bypass vulnerability.

aSc TimeTables version 2020.11.4 suffers from a denial of service vulnerability.

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.

Odin Secure FTP Expert version 7.6.3 suffers from a denial of service vulnerability.

Astak CM-818T3 2.4GHz wireless security surveillance camera remote configuration disclosure exploit.

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD’s mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root’s password hash in /etc/master.passwd)…

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.