>> CATEGORY: Security

WordPress Plugin Search Meter 2.13.2 – CSV injection

Sysaid 20.1.11 b26 – Remote Command Execution

YzmCMS 5.5 – ‘url’ Persistent Cross-Site Scripting

Persian VIP Download Script 1.0 – ‘active’ SQL Injection

60CycleCMS – ‘news.php’ SQL Injection

Sentrifugo HRMS 3.2 – ‘id’ SQL Injection

Google Chrome 72 and 73 – Array.map Out-of-Bounds Write (Metasploit)

Google Chrome 67, 68 and 69 – Object.create Type Confusion (Metasploit)

OpenSMTPD – OOB Read Local Privilege Escalation (Metasploit)

Google Chrome 80 – JSCreate Side-effect Type Confusion (Metasploit)