Clickheat 1.13+ Unauthenticated RCE

Posted by Calum Hutton on May 19

Clickheat 1.13+ Unauthenticated RCE
-----------------------------------

The Clickheat developers have been informed, but have not responded to my email. The code has not been updated recently
and the project seems to be in an abandoned state.

I have discovered a vulnerability in Clickheat 1.13 onwards that would allow an attacker to execute arbitrary commands
on the remote webserver, in the context of the user running the webserver, without…

Xamarin for Android <5.1 DLL Hijack Vulnerability

Posted by ValdikSS on May 19

Xamarin for Android prior to version 5.1 allows internal DLL files inside the APK to be replaced with files on the SD card,
which are not in secure storage.
A malicious application without any special permissions could drop backdoored DLL files into

/storage/sdcard0/Android/data/app_id/files/.__override__/

and the victim application would use the files from the SD card.
Not just the main application library could be hijacked, but also Xamarin’s System.dll and…

SQLi in FeedWordPress WordPress plugin

Posted by Adrián M. F. on May 19

======================================================
SQLi in FeedWordPress WordPress plugin
======================================================
vendor: https://wordpress.org/plugins/feedwordpress/
active installs: 70,000+
vulnerable version: 2015.0426
fixed version: 2015.0514
CVE: CVE-2015-4018

Vulnerability
===============

(1) Authenticated SQLi [CWE-89]
-------------------------------

* CODE:
feedwordpresssyndicationpage.class.php:89…

CVE-2015-0267

The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.

CVE-2015-1846

unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling.

CVE-2015-3407

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.