When serializing JavaScript objects for sending to another window using the postMessage method, the code in Blink does not handle Symbol objects correctly and attempts to serialize this kind of object as a regular object, which results in a bad cast. An attacker that can trigger this issue may be able to execute arbitrary code. […]
Trango devices all have a built-in, hidden root account, with a default password that is the same across many devices and software revisions. This account is accessible via SSH and grants access to the underlying embedded Unix OS on the device, allowing full control over it. Recent software updates for some models have changed this […]
ShopZilla Comparison Shopping Script version 2.3 suffers from a cross-site scripting vulnerability.
Rate-Me PHP Script version 1.0 suffers from a persistent cross-site scripting vulnerability.
InvoicePlane version 1.4.8 has incorrect access control for password resets.
Sagem Fast 3304-V2 suffers from a credential disclosure vulnerability.
A vulnerability in Windows Local Security Authority Subsystem Service (LSASS) was found on Windows OS versions ranging from Windows XP through to Windows 10. This vulnerability allows an attacker to remotely crash the LSASS.EXE process of an affected workstation with no user interaction. Successful remote exploitation of this issue will result in a reboot of […]
The Microsoft Windows kernel suffers from a denial of service vulnerability as outlined in MS16-135.
ATutor version 2.2.2 cross-site request forgery proof of concept that adds a new course.
Schoolhos CMS version 2.29 suffers from code execution and remote SQL injection vulnerabilities.