Arm Mali Released Buffer Use-After-Free
Authored by Jann Horn, Google Security Research
On Mali devices without the new CSF interface, IMPORTED_USER_BUF is released without flushing host-side VMAs, leading to a page use-after-free vulnerability.
advisories | CVE-2022-36449
Arm Mali Physical Address Exposure
Authored by Jann Horn, Google Security Research
Arm Mali has an issue where a driver exposes physical addresses to unprivileged userspace.
advisories | CVE-2022-36449
Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution
Authored by malvuln | Site malvuln.com
Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control...
Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass
Authored by Jordan Glover
Buffalo TeraStation Network Attached Storage (NAS) version 1.66 suffers from an authentication bypass vulnerability.
# Exploit Title: Buffalo TeraStation Network Attached Storage (NAS) 1.66 -...
SAP SAProuter Improper Access Control
Authored by Fabian Hagg | Site sec-consult.com
SAP SAProuter suffers from an improper access control vulnerability where permitting loopback traffic can lead to unexpected behavior.
advisories | CVE-2022-27668
SEC Consult...
Palo Alto Networks Authenticated Remote Code Execution
Authored by UnD3sc0n0c1d0, Mikhail Klyuchnikov, jheysel-r7, Nikita Abramov | Site metasploit.com
This Metasploit module exploits an OS command injection vulnerability in the PAN-OS management interface that allows authenticated administrators to...
SAP SAPControl Web Service Interface Local Privilege Escalation
Authored by M. Li | Site sec-consult.com
SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.
advisories | CVE-2022-29614
SEC Consult Vulnerability Lab Security...
Genesys PureConnect Cross Site Scripting
Authored by Jake Murphy
Genesys PureConnect as of their build on 08-October-2020 suffers from a cross site scripting vulnerability.
advisories | CVE-2022-37775
Product: Genesys PureConnect - Interaction Web Tools Chat...
WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting
Authored by Mariam Tariq
WordPress GetYourGuide Ticketing plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
# *Exploit Title*: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting#...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Authored by Saud Alenazi
OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.
# Exploit Title: OpenCart v3.x So Newsletter Custom Popup...