Archive for February, 2023

https://division4.immigration.go.th/xx.html

Posted by deepcore under defacement (No Respond)

https://division4.immigration.go.th/xx.html notified by xstro0

http://namphonsao.go.th

Posted by deepcore under defacement (No Respond)

http://namphonsao.go.th notified by Approve1337

Online Eyewear Shop 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.

eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

eCommerce Marketplace Platform CMS version 1.7 suffers from a cross site scripting vulnerability.

eCommerce Marketplace Platform CMS 1.7 SQL Injection

Posted by deepcore under exploit (1 Respond)

eCommerce Marketplace Platform CMS version 1.7 suffers from a remote SQL injection vulnerability.

vmwgfx Driver File Descriptor Handling Privilege Escalation

Posted by deepcore under exploit (No Respond)

If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn’t be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with […]

io_uring Same Type Object Reuse Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The […]

Packet Storm New Exploits For January, 2023

Posted by deepcore under exploit (No Respond)

This archive contains all of the 130 exploits added to Packet Storm in January, 2023.

mRemoteNG 1.76.20 Privilege Escalation

Posted by deepcore under exploit (No Respond)

mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.

PHPJabbers Auto Classifieds Script 3.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

PHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.