>> TAG: #0day

Shield CMS 2.2 – ’email’ SQL Injection

Microsoft Windows – DSSVC CheckFilePermission Arbitrary File Deletion

Heatmiser Wifi Thermostat 1.7 – Cross-Site Request Forgery (Update Admin)

Google Chrome V8 JavaScript Engine 71.0.3578.98 – Out-of-Memory. Denial of Service (PoC)

Microsoft Office SharePoint Server 2016 – Denial of Service (Metasploit)

ZTE MF65 BD_HDV6MF65V1.0.0B05 – Cross-Site Scripting

Linux/x86 – wget chmod execute over execve /bin/sh -c Shellcode (119 bytes)

polkit – Temporary auth Hijacking via PID Reuse and Non-atomic Fork

CF Image Hosting Script 1.6.5 – (Delete all Pictures) Privilege Escalation

Wireshark – ‘get_t61_string’ Heap Out-of-Bounds Read