This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.
Zentao Project Management System version 17.0 suffers from an authenticated remote code execution vulnerability.
During a penetration test of an Electronic Banking Internet Communication Standard (EBICS) environment, Pentagrid observed a cross site scripting vulnerability in the EBICS banking implementation developed by CREALOGIX AG and…
Web Based Student Clearance version 1.0 suffers from a remote shell upload vulnerability.
Joomla Vik Rent Car extension version 1.14 suffers from a cross site scripting vulnerability.
WordPress / Joomla JReviews extension version 4.1.5 suffers from a cross site scripting vulnerability.
WordPress eCommerce Product Catalog plugin version 3.0.70 suffers from a cross site scripting vulnerability.
Online Shopping System Advanced version 1.0 suffers from multiple remote SQL injection vulnerabilities.
Linux has an issue with munmap() racing with pagemap_read() that leads to a page use-after-free vulnerability.
WordPress Zephyr Project Manager plugin version 3.2.42 suffers from a remote SQL injection vulnerability.