Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.
>> CATEGORY: exploit
Academy LMS version 4.3 suffers from a persistent cross site scripting vulnerability.
Spiceworks version 7.5 suffers from an HTTP header injection vulnerability.
WordPress Contact Form 7 plugin version 5.3.1 suffers from a remote shell upload vulnerability.
Spotweb version 1.4.9 suffers from a remote SQL injection vulnerability. Related CVE number: CVE-2020-35545.
SCO Openserver version 5.0.7 suffers from a cross site scripting vulnerability.
Queue Management System version 4.0.0 suffers from a persistent cross site scripting vulnerability.
SCO Openserver version 5.0.7 suffers from a command injection vulnerability.
Point of Sale System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Alumni Management System version 1.0 suffers from a remote shell upload vulnerability. Original discovery for this vulnerability in this version is attributed to Valerio Alessandroni.