Tag
#windows
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application loads the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the currently logged-in user.
The Microsoft Windows Kernel CmDeleteLayeredKey may delete predefined tombstone keys, leading to security descriptor use-after-free.
The Microsoft Windows Kernel may reference rolled-back transacted keys through differencing hives.
The Microsoft Windows Kernel may reference unbacked layered keys through registry virtualization.
There is a Microsoft Windows Kernel arbitrary read that can be performed by accessing predefined keys through differencing hives.
Dynamic Journal CMS version 2.5 suffers from a database disclosure vulnerability.
e2 Distr CMS version 2.8.5.3 appears to leave backups in a world-accessible directory under the document root.
DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.
DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.
Discussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.