Serendipity 2.4.0 Cross Site Scripting
Serendipity version 2.4.0 suffers from a cross site scripting vulnerability.
Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.
Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit.
Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.
ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.
Piwigo version 13.6.0 suffers from a persistent cross site scripting vulnerability.
Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.
FUXA version 1.1.13-1186 suffers from an unauthenticated remote code execution vulnerability.
This Metasploit module exploits CVE-2022-22960, which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access.
CentOS Stream 9 has a missing kernel security fix for a tun double-free amongst other missing fixes. Included is a local root exploit to demonstrate the issue.