WinWaste.NET version 1.0.6183.16475 allows a local unprivileged user to replace the executable with a malicious file that will be executed with LocalSystem privileges.
>> CATEGORY: exploit
WordPress XCloner plugin version 4.2.12 authenticated remote code execution exploit.
This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites…
This archive contains all of the 217 exploits added to Packet Storm in June, 2021.
phpAbook version 0.9i suffers from a remote SQL injection vulnerability.
Doctors Patients Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.
Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.
A KVM guest on AMD can launch a L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest, will…
ES File Explorer version 4.1.9.7.4 arbitrary file read exploit.