Online Traffic Offense Management System version 1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Justin White in August…
A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption)…
This Metasploit module exploits a file upload in VMware vCenter Server’s analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP…
Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass
Online Enrollment Management System 1.0 – Authentication Bypass
Simple Online College Entrance Exam System 1.0 – Account Takeover
Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation
WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated)
django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS)
Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated)