Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.
A KVM guest on AMD can launch a L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest, will…
Vianeos OctoPUS 5 – ‘login_user’ SQLi
Online Voting System 1.0 – Remote Code Execution (Authenticated)
Online Voting System 1.0 – Authentication Bypass (SQLi)
WordPress Plugin XCloner 4.2.12 – Remote Code Execution (Authenticated)
ES File Explorer version 4.1.9.7.4 arbitrary file read exploit.
Doctors Patients Management System 1.0 – SQL Injection (Authentication Bypass)
Apache Superset 1.1.0 – Time-Based Account Enumeration
Simple Traffic Offense System 1.0 – Stored Cross Site Scripting (XSS)