>> CATEGORY: exploit

LW-N605R devices allow remote code execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the…

Microsoft Baseline Security Analyzer version 2.3 suffers from an XML external entity injection vulnerability.

Linux suffers from an insufficient shootdown for paging-structure caches.

This write up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.

Easy File Sharing Web Server version 6.9 POST msg.ghp UserID remote buffer overflow SEH exploit with DEP bypass and ROP.

Android suffers from a privilege escalation vulnerability in zygote that can be leveraged by CVE-2018-9445.

Tor Browser version 7.x suffers from a NoScript bypass vulnerability.

DVD Photo Slideshow Professional version 8.07 suffers from a buffer overflow vulnerability.

iSmartViewPro version 1.5 suffers from a buffer overflow vulnerability.

MedDream PACS Server Premium version 6.7.1.1 suffers from a remote SQL injection vulnerability.