>> TAG: #0day

AIDA64 Extreme 5.99.4900 – ‘Logging’ SEH Buffer Overflow

WordPress Plugin Contact Form Maker 1.13.1 – Cross-Site Request Forgery

WordPress 5.0.0 – Crop-image Shell Upload (Metasploit)

Magic ISO Maker 5.5(build 281) – ‘Serial Code’ Denial of Service (PoC)

AIDA64 Engineer 5.99.4900 – ‘Load from file’ Field Buffer Overflow (SEH)

FreeSMS 2.1.2 – SQL Injection (Authentication Bypass)

Google Chrome 72.0.3626.96 / 74.0.3702.0 – ‘JSPromise::TriggerPromiseReactions’ Type Confusion

WebKit JavaScriptCore – ‘createRegExpMatchesArray’ Type Confusion

iOS < 12.2 / macOS < 10.14.4 XNU – pidversion Increment During execve is Unsafe

WebKit JavaScriptCore – Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check