Scratch Desktop 3.17 – Cross-Site Scripting/Remote Code Execution (XSS/RCE)
>> AUTHOR: deepcore
Scratch Desktop 3.17 – Cross-Site Scripting/Remote Code Execution (XSS/RCE)
phpAbook version 0.9i suffers from a remote SQL injection vulnerability.
Doctors Patients Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.
Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.
A KVM guest on AMD can launch a L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest, will…
Online Voting System 1.0 – Remote Code Execution (Authenticated)
WordPress Plugin XCloner 4.2.12 – Remote Code Execution (Authenticated)
Vianeos OctoPUS 5 – ‘login_user’ SQLi
Online Voting System 1.0 – Authentication Bypass (SQLi)