>> CATEGORY: exploit

Online Learning Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Online Learning Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.

Sales and Inventory System for Grocery Store version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

usrsctp suffers from a use-after-free write when handling a malicious COOKIE-ECHO.

CVE-2020-0986, which was exploited in the wild, was not fixed. The vulnerability still exists, just the exploitation method had to change. A low integrity process can send LPC messages to…

Sony Playstation 4 versions prior to 7.02 ValidationMessage::buildBubbleTree() use-after-free webkit code execution proof of concept exploit.

Online Marriage Registration System version 1.0 suffers from a remote SQL injection vulnerability.

Sony Playstation 4 versions prior to 6.72 ValidationMessage::buildBubbleTree() use-after-free webkit code execution proof of concept exploit.

Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.

Victor CMS version 1.0 suffers from an authenticated remote shell upload vulnerability. A shell upload vulnerability in this version was originally discovered in May of 2020 by Kishan Lal Choudhary.