Android’s vold’s incremental-fs APIs trust paths from system_server for mounting. There is supposed to be privilege separation between vold (TCB) and system_server (privileged process). However, vold’s IPC handlers related to…
>> AUTHOR: deepcore
Online Pre-owned/Used Car Showroom Management System 1.0 – SQLi Authentication Bypass
WordPress Plugin Slider by Soliloquy 2.6.2 – ‘title’ Stored Cross Site Scripting (XSS) (Authenticated)
Online Magazine Management System 1.0 – SQLi Authentication Bypass
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 – Local File Inclusion (LFI)
WordPress Plugin DZS Zoomsounds 6.45 – Arbitrary File Read (Unauthenticated)
Online Enrollment Management System in PHP and PayPal version 1.0 suffers from a persistent cross-site scripting vulnerability.
Advanced Comment System version 1.0 suffers from a remote command execution vulnerability.
NSS (Network Security Services), Mozilla project’s cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.
MilleGPG5 version 5.7.2 Luglio 2021 suffers from a local privilege escalation vulnerability.