>> CATEGORY: exploit

74CMS version 5.0.1 suffers from a cross site request forgery vulnerability.

The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked…

Sony Smart TVs suffer from information disclosure and arbitrary file read vulnerabilities.

The hardened VirtualBox process on a Windows host does not secure its COM interface leading to arbitrary code injection and elevation of privilege.

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated…

Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary…

Google Chrome version 73.0.3683.103 V8 JavaScript Engine out-of-memory in invalid table size denial of service proof of concept exploit.

Ease Audio Converter version 5.30 .mp4 denial of service proof of concept exploit.

WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.

ChurchCRM Software version 3.3.2 suffers from a database disclosure vulnerability.