5 matches found
CVE-2026-27175 MajorDoMo Command Injection in rc/index.php via Race Condition
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user input is interpolated into a command string within double quotes without sanitization via escapeshellarg. The command is inserted into a database queue by...
A review of Azure Sphere vulnerabilities: Unsigned code execs, kernel bugs, escalation chains and firmware downgrades
Summary of all the vulnerabilities reported by Cisco Talos in Microsoft Azure Sphere By Claudio Bozzato and Lilith . In May 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. In the first three months,... This i...
Apple OS XiOS Kernel - IOSurface Use-After-Free
Apple OS XiOS Kernel - IOSurface Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corrisponding task we can free th...
kernel 2.2.x/2.4 .0-test1,SGI ProPack 1.2/1.3 Capabilities Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1322/info POSIX Capabilities have recently been implemented in the Linux kernel. These Capabilities are an additional form of privilege control to enable more specific control over what priviliged processes can do...
kernel 2.2.x/2.4 .0-test1,SGI ProPack 1.2/1.3 Capabilities Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/1322/info POSIX Capabilities have recently been implemented in the Linux kernel. These Capabilities are an additional form of privilege control to enable more specific control over what priviliged processes can do...