>> CATEGORY: exploit

Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same…

This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The…

WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppb_toolbox_usermeta_handler().

This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The…

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are…

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are…

Shopify suffers from a cross site scripting vulnerability.

Fastly suffers from the poor practice of sending a temporary password in plaintext.

Linux USB usbnet tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.