The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray,…
The user profile dashboard for paloaltonetworks.com suffered from a cross-site request forgery vulnerability.
Dokeos versions 1.8.6.1 and 1.8.6.3 suffer from a remote file upload vulnerability via FCKeditor.
GOautodial version 4.0 suffers from a persistent cross-site scripting vulnerability in the CreateEvent flow.
DIGIT CENTRIS 4 ERP suffers from a remote SQL injection vulnerability.
LayerBB version 1.1.3 suffers from a cross-site request forgery vulnerability.
Hisilicon HiIpcam V100R003 suffers from a remote credential disclosure vulnerability.
macOS version 18.7.0 kernel local privilege escalation exploit that may only work on Macs before 2016.
Western Digital My Book World II NAS versions 1.02.12 and below have a hard-coded SSH credential that allows for remote command execution.