>> TAG: #0day
OrientDB 3.0.17 GA Community Edition – Cross-Site Request Forgery / Cross-Site Scripting
Linux/x86 – INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
Imperva SecureSphere 13.x – ‘PWS’ Command Injection (Metasploit)
Kados R10 GreenBee – Multiple SQL Injection
QNAP TS-431 QTS < 4.2.2 – Remote Command Execution (Metasploit)
Anyburn 4.3 x86 – ‘Copy disc to image file’ Buffer Overflow – (UNICODE)(SEH)
FreeBSD – Intel SYSRET Privilege Escalation (Metasploit)
Drupal < 8.5.11 / < 8.6.10 – RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Android – binder Use-After-Free via racy Initialization of ->allow_user_free
Linux < 4.20.14 – Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem