>> TAG: #0day

Blueimp’s jQuery File Upload 9.22.0 – Arbitrary File Upload Exploit

WebKit JSC JIT – GetIndexedPropertyStorage Use-After-Free

Spotify 1.0.96.181 – ‘Proxy configuration’ Denial of Service (PoC)

NTPsec 1.1.2 – ‘ctl_getitem’ Out-of-Bounds Read (PoC)

Microsoft Windows 10 – XmlDocument Insecure Sharing Privilege Escalation

1Password < 7.0 – Denial of Service

Microsoft Windows VCF – Remote Code Execution

Linux/x86 – Bind (4444/TCP) Shell (/bin/sh) Shellcode (100 bytes)

ownDMS 4.7 – SQL Injection

Twilio WEB To Fax Machine System Application 1.0 – SQL Injection