>> CATEGORY: Security

Nominas 0.27 – ‘username’ SQL Injection

Linux/x64 – Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Microsoft Windows 10 (Build 17134) – Local Privilege Escalation (UAC Bypass)

PlayJoom 0.10.1 – ‘catid’ SQL Injection

OpenSLP 2.0.0 – Multiple Vulnerabilities

FaceTime – ‘VCPDecompressionDecodeFrame’ Memory Corruption

blueimp’s jQuery 9.22.0 – (Arbitrary) File Upload (Metasploit)

Morris Worm – sendmail Debug Mode Shell Escape (Metasploit)

FaceTime – ‘readSPSandGetDecoderParams’ Stack Corruption

FaceTime – RTP Video Processing Heap Corruption