RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability. Modifications to the original proof of concept include the fact that it uses a larger payload size…
>> CATEGORY: exploit
Android suffer from a binder use-after-free via a racy initialization of ->allow_user_free.
getpidcon() usage in hardware binder servicemanager on Android permits ACL bypass.
It was discovered that virtual address 0 is mappable via privileged write() to /proc/*/mem on Linux.
This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was…
This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command…
ClearOS 7 Community Edition suffers from a cross site scripting vulnerability.
This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary (often linked with an…
This Metasploit module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault…
Xoops version 1.0.2 with PD-Links module version 1.0 suffers from a database disclosure vulnerability.