>> CATEGORY: exploit

A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes…

WordPress SP Project and Document Manager plugin version 4.21 suffers from a remote shell upload vulnerability.

Employee Record Management System version 1.2 suffers from a persistent cross site scripting vulnerability.

Online Covid Vaccination Scheduler System version 1.0 suffers from a remote shell upload vulnerability.

ASProtect embeds a runtime DLL that is susceptible to memory corruption. Crash testcase provided.

Wyomind Help Desk version 1.3.6 suffers from remote shell upload, cross site scripting, and directory traversal vulnerabilities.

Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.

Online Covid Vaccination Scheduler System version 1.0 suffers from a remote time-based blind SQL injection vulnerability.

Rocket.Chat 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.

WordPress Plainview Activity Monitor plugin version 20161228 authenticated remote code execution exploit.