Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.
Apache Tomcat AJP Ghostcat file read and inclusion exploit.
Core FTP LE version 2.2 suffers from a denial of service vulnerability.
PhpIX 2012 Professional (Beta) suffers from a remote SQL injection vulnerability.
Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.
PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.
Comtrend VR-3033 suffers from a command injection vulnerability.
In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl,…
The function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to…
XNU suffers from a use-after-free vulnerability in tcp_input.