>> TAG: #0day

Ubuntu 18.04 – ‘lxd’ Privilege Escalation

UliCMS 2019.1 ‘Spitting Lama’ – Persistent Cross-Site Scripting

Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)

Linux/x86_64 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)

Microsoft Windows – AppX Deployment Service Local Privilege Escalation (3)

Supra Smart Cloud TV – ‘openLiveURL()’ Remote File Inclusion

IBM Websphere Application Server – Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)

LibreNMS – addhost Command Injection (Metasploit)

Zimbra < 8.8.11 – XML External Entity Injection / Server-Side Request Forgery

Google Chrome 73.0.3683.103 – ‘WasmMemoryObject::Grow’ Use-After-Free