There is a use-after-free vulnerability in VP9 processing in WebRTC.
46a569d07b8a5affa552ca7aa5867a06There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.
f5cc50595786ed774a0112b7002d39e0NICO-FTP version 3.0.1.19 SEH buffer overflow exploit.
4ccdbfbde28268bcd3d906b1c12fb49aMicrosoft Windows suffers from a double dereference in NtEnumerateKey that leads to elevation of privilege.
4f74d58bd627bf009b466bba6d3ced66Microsoft Windows suffers from a CiSetFileCache TOCTOU CVE-2017-11830 variant WDAC security feature bypass vulnerability.
ec7d5c98907d960bda7e631701207804The RICOH MP 2001 printer suffers from cross site scripting and html injection vulnerabilities.
040d03765bc94f57ea1b8b754705d7c1The RICOH SP 4510SF printer suffers from cross site scripting and html injection vulnerabilities.
3874dbacb56e89248b7baf8cf89caacaManageEngine SupportCenter Plus version 8.1.0 suffers from cross site scripting and html injection vulnerabilities.
ea19af7bdfd99c3b50dd3d6121956d70LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability.
46eacb280221d5cbed56a7615db482a6ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.
a602b5cb22854682e6644effd92da051LimeSurvey version 3.14.7 suffers from cross site scripting and html injection vulnerabilities.
124babb32873ccb923bdcf3a1cbf33e1WordPress Localize My Post plugin version 1.0 suffers from a local file inclusion vulnerability.
7f78f65786c6ba92a8df4a1d6aef8f36WordPress Wechat Broadcast plugin version 1.2.0 suffers from a local file inclusion vulnerability.
96c6e22ef7a8508c4c0907ada9779757Roundcube rcfilters plugin version 2.1.6 suffers from a cross site scripting vulnerability.
7a0a682b236084b6ce800fa7ea18f0f7It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
8137c7cec868dfc1cc789683ce268ce8CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
ff45e0057873b44374cc8a9edbcfabbdMoodle versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14 suffer from a remote php unserialize code execution vulnerability.
4230dd49813d98f84c6358427e417b39Ubisoft Uplay Desktop Client version 63.0.5699.0 suffers from a remote code execution vulnerability.
da07192d34e92e6da201a74d92766b6dNUUO NVRMini2 version 3.8 cgi_system buffer overflow exploit.
08097a106baa047edbd143cdc755dca7This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the `NSPR_LOG_FILE` environment variable. The log file is created with the privileges of the running process, resulting in privilege escalation when used in combination with a SUID executable. This Metasploit module writes a shared object to the trusted library directory `/usr/lib/secure` and runs the specified SUID binary with the shared object loaded using the `LD_LIBRARY_PATH` environment variable. This Metasploit module has been tested successfully with libnspr version 4.5.1 on Solaris 10u1 (01/06) (x86) and Solaris 10u2 (06/06) (x86).
0f80a93992c7fdfbc617a2b680a3059eWordPress Arigato Autoresponder and Newsletter plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
7d535ca7853080a8b831de38f014cd8aMicrosoft Edge Chakra suffers from a type confusion vulnerability with PathTypeHandlerBase::SetAttributesHelper.
5bdea5cae9762e60edfaa8a268f78dbbMicrosoft Edge Chakra JIT suffers from a type confusion vulnerability in localeCompare.
f4b3619f1626d973adb28bf93ce037e3Netis ADSL Router DL4322D RTK version 2.1.1 suffers from a cross site scripting vulnerability.
12aae5ac0de569dbe6de71140188df41Oracle VirtualBox Manager version 5.2.18 r124319 suffers from a denial of service vulnerability.
31a4605233cf56d13a93b6d69953aff1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed