>> CATEGORY: exploit

Vehicle Parking Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Tushar Vaidya in…

Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in…

Vehicle Parking Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to gh1mau in July of 2020.

News Portal Project version 3.1 suffers from multiple remote time-based SQL injection vulnerabilities.

CSZ CMS version 1.2.9 suffers from an arbitrary file deletion vulnerability.

Ampache version 4.4.2 suffers from a cross site scripting vulnerability.

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress plugin Backup Guard versions prior…

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel’s filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local…

This Metasploit module leverages an authentication bypass exploit within Sage X3 AdxSrv’s administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service.