Typo3 CMS Realty Manager tx_realty_pi1 version 2.0.0 suffers from database disclosure and remote SQL injection vulnerabilities.
WordPress WooCommerce plugin with GloBee cryptocurrency payment gateway versions 1.1.1 and below suffer from payment bypass and unauthorized order status spoofing vulnerabilities.
Typo3 CMS T3 EasyEvent tx_easyevent_pi1 version 0.37.3 suffers from a remote SQL injection vulnerability.
Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.
This write-up contains details on how to perform remote code execution within Jenkins.
Typo3 CMS Shop System tt_products version 2.9.4 suffers from a remote SQL injection vulnerability.
MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.
FaceTime suffers from a memory corruption vulnerability in texture processing.
On Android, a ptrace hold makes the seccomp filter useless on devices running a kernel version lower than 4.8.
This Metasploit module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT (49153).