Apple WebKit suffers from a UXSS via FrameLoader::clear.
Monthly Archives: February 2017
macOS HelpViewer XSS / Arbitrary File Execution / Read
Cross site scripting on macOS HelpViewer leads to arbitrary file execution and arbitrary file read.
Google Chrome Layout Out-Of-Bounds Read
Google Chrome suffers from an out-of-bounds read in layout.
Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion
Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement.
Android Javanano Compiler Arbitrary Class Loading / Instantiation
Android suffers from arbitrary class loading and instantiation in the protobuf parcelable “javanano” compiler.
Linux/x86-64 Egghunter Shellcode
Linux x86-64 egghunter shellcode, 38 bytes in size.
WordPress Mail Masta 1.0 SQL Injection
WordPress Mail Masta plugin version 1.0 suffers from a remote SQL injection vulnerability.
MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting
MBLS Flex CMS version 0.7.2 suffers from remote SQL injection and cross site scripting vulnerabilities.
Sophos Web Appliance 4.2.1.3 Remote Command Execution
This Metasploit module exploits a remote command execution vulnerability in the Sophos Web Appliance versions 4.2.1.3 and below. The vulnerability exists in a section of the machine’s administrative interface for performing diagnostic network tests with wget and unsanitized user-supplied information.
ProjectSend r754 Insecure Direct Object Reference / Authentication Bypass
ProjectSend r754 suffers from authentication bypass and insecure direct object reference vulnerabilities.