Student Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and…
ZeroShell version 3.9.0 remote command execution exploit.
Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
OpenPLC WebServer version 3 authenticated remote code execution exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
Firefox 72 IonMonkey JIT type confusion exploit.
There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been…