WordPress eCommerce Product Catalog plugin version 3.0.70 suffers from a cross site scripting vulnerability.
WordPress / Joomla JReviews extension version 4.1.5 suffers from a cross site scripting vulnerability.
Joomla Vik Rent Car extension version 1.14 suffers from a cross site scripting vulnerability.
Web Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.
During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and used by many banks.
Zentao Project Management System version 17.0 suffers from an authenticated remote code execution vulnerability.
This is a write-up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.
Joomla Vik Booking extension version 1.15.0 suffers from a cross site scripting vulnerability.
WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.
Joomla KSAdvertiser extension version 2.5.37 suffers from a cross site scripting vulnerability.
Linux suffers from an anon_vma use-after-free vulnerability through the bogus merge of VMAs caused by double-reuse of leaf anon_vma because of ->degree misinterpretation.
Joomla JoomBri Careers extension version 3.3.0 suffers from a cross site scripting vulnerability.
Joomla JoomBri Freelance extension version 4.5.0 suffers from a cross site scripting vulnerability.
This Metasploit module uses the protocol of Remote Mouse Server by Emote Interactive to deploy a payload and run it from the server. The module will only deploy a payload if the server is set without a password (the default). Tested against 4.110, current at the time of module writing.
This Metasploit module exploits a command injection within Enlightenment's enlightenment_sys binary. This is done by calling the mount command and feeding it paths that meet all of the system requirements but, because a semicolon is used, also execute a specific path. This module was tested on Ubuntu 22.04.1 X64 Desktop with enlightenment 0.25.3-1 (current at module write time).
Canteen Management version 1.0-2022 suffers from a cross site scripting vulnerability.
WordPress WPvivid Backup plugin versions prior to 0.9.76 suffer from a path traversal vulnerability.
WordPress Elementor plugin versions 3.6.0 through 3.6.2 suffer from a remote shell upload vulnerability. This is achieved by sending a request to install Elementor Pro from a user-supplied zip file. Any user with Subscriber or higher permissions is able to execute this.
Joomla RAXO All-Mode PRO extension version 2.01 suffers from a cross site scripting vulnerability.
Canteen Management version 1.0-2022 suffers from a remote SQL injection vulnerability.
Joomla Solidres extension version 2.12.9 suffers from a cross site scripting vulnerability.
Backdoor.Win32.Delf.eg malware suffers from an unauthenticated remote command execution vulnerability.
Joomla Rentalot Plus extension version 19.05 suffers from a cross site scripting vulnerability.
Backdoor.Win32.NTRC malware suffers from a hardcoded credential vulnerability.
Password Manager for IIS version 2.0 suffers from a cross site scripting vulnerability.