Posts

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

WordPress Plugin Form Maker 1.12.20 - CSV Injection

macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root

Navicat < 12.0.27 - Oracle Connection Overflow

Drupal < 7.58 - 'Drupalgeddon3' Authenticated Remote Code (Metasploit)

Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender Unauthorized Remote Reboot

Frog CMS 0.9.5 Cross Site Scripting

Frog CMS 0.9.5 - Persistent Cross-Site Scripting

Drupal Drupalgeddon 2 Forms API Property Injection

GitList 0.6 Remote Code Execution

Google Chrome V8 AwaitedPromise Update Bug

HRSALE The Ultimate HRM 1.0.2 Cross Site Scripting

HRSALE The Ultimate HRM 1.0.2 Local File Inclusion

Drupal drupgeddon3 Remote Code Execution

Jfrog Artifactory Code Execution / Shell Upload

WordPress WP With Spritz 1.0 File Inclusion

SickRage Credential Disclosure

October CMS User 1.4.5 Cross Site Scripting

hik-connect.com / ezvizlife.com Authentication Bypass

Sitecore.NET 8.1 Directory Traversal

HRSALE The Ultimate HRM 1.0.2 SQL Injection

Nintendo Switch / Nvidia Fusee Gelee Disclosure

HRSALE The Ultimate HRM 1.0.2 CSV Injection

Blog Master Pro 1.0 CSV Injection

Shopy Point Of Sale 1.0 CSV Injection

Google Chrome V8 Arrow Function Scope Fixing Bug

GitList 0.6 - Unauthenticated Remote Code Execution

MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting

Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)

TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot

phpLiteAdmin 1.9.7.1 Authorization Bypass

October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting

SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response

WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion

Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution

Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)

HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion

Chrome V8 JIT - 'AwaitedPromise' Update Bug

Chrome V8 JIT - Arrow Function Scope Fixing Bug

HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting

HRSALE The Ultimate HRM v1.0.2 - CSV Injection