>> CATEGORY: exploit

Vishesh Auto Index version 3.1 suffers from a remote SQL injection vulnerability.

Rukovoditel Project Management CRM version 2.3 suffers from a remote SQL injection vulnerability.

MV Video Sharing Software version 1.2 suffers from a remote SQL injection vulnerability.

HighPortal version 12.5 suffers from a cross site scripting vulnerability.

GIU Gallery Image Upload version 0.3.1 suffers from a remote SQL injection vulnerability.

On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.

Snes9K version 0.0.9z SEH buffer overflow proof of concept exploit.

Proof of concept exploit for a Mozilla Firefox picture drag and drop security bypass vulnerability. Tested on versions 3.6.10 up to 62.0.3. Password to decompress this archive is ff2018.

BigTree CMS version 4.2.23 suffers from a cross site scripting vulnerability.

Alchemy CMS version 4.1-Stable suffers from a cross site scripting vulnerability.