Doctor’s Appointment System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Soham Bakore and Nakul Ratti in February…
The WordPress Core version 6.0.2 release addresses cross-site scripting and remote SQL injection vulnerabilities.
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows…
This archive contains all of the 79 exploits added to Packet Storm in August, 2022.
KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence, KVM instruction emulation can access memory through…
AeroCMS version 0.0.1 suffers from a remote SQL injection vulnerability.
The Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal…
This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory,…
In the Arm Mali driver’s handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back to the kernel’s page allocator while it…
PrestaShop Ap Pagebuilder module versions 2.4.4 and below suffer from a remote SQL injection vulnerability.