Home | Latest News | Popular News | Our Network | About | Contact
Latest Exploits | www.SecurityPhresh.com
Latest Exploits
Showing 'Latest Exploits' from 11 to 20
Microsoft Windows Task Scheduler .job Import Arbitrary DACL Write
22nd May 2019 [3 days ago] from PacketStormSecurity
Microsoft Windows task scheduler .job import arbitrary DACL write proof of concept exploit.
FreeBSD Rtld Execl() Privilege Escalation
21st May 2019 [4 days ago] from PacketStormSecurity
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects...
Mac OS X Feedback Assistant Race Condition
21st May 2019 [4 days ago] from PacketStormSecurity
This Metasploit module exploits a race condition vulnerability in Macs Feedback Assistant. A successful attempt would result in remote code execution under the context of root.
Shopware CreateInstanceFromNamedArguments PHP Object Instantiation
21st May 2019 [4 days ago] from PacketStormSecurity
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments...
XNU Stale Pointer Use-After-Free
21st May 2019 [4 days ago] from PacketStormSecurity
XNU suffers from a use-after-free vulnerability due to a stale pointer left by in6_pcbdetach.
Visual Voicemail For IPhone IMAP NAMESPACE Use-After-Free
21st May 2019 [4 days ago] from PacketStormSecurity
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
Darktrace Enterpise Immune System 3.0.9 / 3.0.10 Cross Site Request Forgery
21st May 2019 [4 days ago] from PacketStormSecurity
Darktrace Enterprise Immune System versions 3.0.9 and 3.0.10 contain multiple cross site request forgery vulnerabilities. It is highly likely that older versions are affected as well, but this has not been confirmed. An attacker can whitelist...
PHP PHP_INI_SYSTEM Ineffective Controls
21st May 2019 [4 days ago] from PacketStormSecurity
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Slims CMS Akasia 8.3.1 SQL Injection
21st May 2019 [4 days ago] from PacketStormSecurity
Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Convert Video JetAudio 8.1.7 Denial Of Service (PoC)
19th May 2019 [6 days ago] from ExploitDatabase
Topic: Convert Video jetAudio 8.1.7 Denial of Service (PoC) Risk: Medium Text:# -*- coding: utf-8 -*- # Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service (PoC) # Date: 08/05/2019 # Author:...
« Newer 1 2 3 4 5 6 7 8 9 10 Older »