Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability.
Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective, as malicious scripts could bypass them by writing to their own process memory on the Linux platform….
JavaScriptCore loop-invariant code motion (LICM) in DFG JIT leaves a stack variable uninitialized.
The Microsoft Windows kernel’s Registry Virtualization does not safely open the real key for a virtualization location, which allows enumeration of arbitrary keys and results in privilege escalation.
XNU suffers from a wild-read (and possible corruption) due to bad cast in stf_ioctl.
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross-site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not…
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.