CVE-2018-18500 is a security vulnerability that affects Firefox web browsers before version 65.0. It is a use-after-free vulnerability that occurs while parsing an HTML5 stream, which can allow attackers to execute arbitrary code on the affected system or cause a denial-of-service attack.
A...
VBScript: Memory corruption in VbsErase
Related CVE Numbers: CVE-2019-0667.
There is an issue in VBScript in the VbsErase function. In some cases (see the attached PoC), VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array...
Type confusion is a vulnerability that arises when a program or script incorrectly interprets a data type, leading to unexpected and potentially dangerous behavior. In the context of web browsers, type confusion can be exploited by attackers to execute arbitrary code on a victim's machine.
In...
Security researcher John Page (John Page) disclosed information about a vulnerability in the Microsoft Internet Explorer 11 browser that allows access to files on systems running Windows. The PoC code for this bug has also been published.
The problem is related to the processing of IE files in...
CVE-2019-6989 is a vulnerability in the TP-Link TL-WR940N and TL-WR941ND routers that could allow an attacker to execute remote code on the device. This vulnerability affects firmware version 3.16.9 build 150310 and earlier versions of these routers.
The vulnerability exists due to improper...
LPE (Local Privilege Escalation) is a security vulnerability that allows an attacker with limited access to a system to gain higher privileges on that system. Windows AppX (AppXSVC) is a Windows service that manages the installation, removal, and servicing of AppX packages. AppX is a new...