This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to…

This archive contains all of the 130 exploits added to Packet Storm in January, 2023.

mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.

PHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.

PHPJabbers Business Directory Script version 3.2 suffers from a cross site scripting vulnerability.

Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are…

PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.

PHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.

PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.

PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.