ES File Explorer 4.1.9.7.4 Arbitrary File Read

ES File Explorer version 4.1.9.7.4 arbitrary file read exploit.

June 30, 2021
[webapps] Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass)

Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass)

[webapps] Apache Superset 1.1.0 – Time-Based Account Enumeration

Apache Superset 1.1.0 – Time-Based Account Enumeration

[webapps] Simple Traffic Offense System 1.0 – Stored Cross Site Scripting (XSS)

Simple Traffic Offense System 1.0 – Stored Cross Site Scripting (XSS)

[webapps] phpAbook 0.9i – SQL Injection

phpAbook 0.9i – SQL Injection

Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting

Atlassian Jira Server / Data Center version 8.16.0 suffer from a cross site scripting vulnerability.

June 29, 2021
Email-Worm.Win32.Trance.a Insecure Permissions

Email-Worm.Win32.Trance.a malware suffers from an insecure permissions vulnerability.

Android Data Exfiltration

This is a tool that was developed to run as alternative “/init”. The program will make an Android phone show up as mass storage device during boot. The complete internal storage is available for reading including the partition table and all 42 partitions of the Android system.

SAS Environment Manager 2.5 Cross Site Scripting

SAS Environment Manager version 2.5 suffers from a persistent cross site scripting vulnerability.

Personnel Record Management System 1.0 SQL Injection

Personnel Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.