XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.

Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.

Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.

Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a “.exe” in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.

Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.

Ecommerce version 1.0 suffers from cross site scripting and open redirection vulnerabilities.

This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root…

This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root…