This Metasploit module exploits a vulnerability in Ubuntu’s implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in…
>> ARCHIVE: 2021-12
WordPress All-In-One Video Gallery plugin versions 2.4.9 and below suffer from a local file inclusion vulnerability.
Backdoor.Win32.WinShell.50 malware suffers from a hard-coded password vulnerability.
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal, cross-site scripting, HTTP header, session object manipulation, local file…
Android’s vold’s incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold’s IPC handlers related to…
WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated)
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI)
Online Magazine Management System 1.0 – SQLi Authentication Bypass
WordPress Plugin Slider by Soliloquy 2.6.2 – ‘title’ Stored Cross Site Scripting (XSS) (Authenticated)
Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass