Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.
>> CATEGORY: exploit
FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed…
Polar Flow for Android version 5.7.1 stores the username and password in clear text in a file on mobile devices.
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the…
FLIR AX8 versions 1.46.16 and below unauthenticated remote OS command injection exploit.
Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected.
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the…
TypeORM version 0.3.7 suffers from an information disclosure vulnerability.
Whitepaper called Race Against the Sandbox – Root Cause Analysis of a Tianfu Cup bug that used a Ntoskrnl bug to escape the Google Chrome sandbox.