>> TAG: #0day

[Hebrew] Digital Whisper Security Magazine #74

WordPress ALO EasyMail Newsletter Plugin 2.9.2 – (Add/Import Arbitrary Subscribers) CSRF

Hacking the PS4, part 3 – Kernel exploitation

mySCADAPro 7 – Local Privilege Escalation

VUPlayer 2.49 – (.pls) Stack Buffer Overflow (DEP Bypass)

AXIS Multiple Products – Authenticated Remote Command Execution via devtools Vector

WordPress Ultimate Product Catalog 3.9.8 – (do_shortcode via ajax) Blind SQL Injection

Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 – Post Auth Remote Root Exploit (Metasploit) (3)

PhpMyAdmin 4.6.2 – Post-Auth Remote Code Execution

WebKit – TypedArray.copyWithin Memory Corruption