>> CATEGORY: exploit

This Metasploit module utilizes the Remote Control Server’s protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected…

vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the “messageids” request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call…

XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.

XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.

Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a “.exe” in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.

Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.