Podcast Generator version 3.1 suffers from a persistent cross site scripting vulnerability.
Student Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and…
ZeroShell version 3.9.0 remote command execution exploit.
Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
OpenPLC WebServer version 3 authentication remote code execution exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
Firefox 72 IonMonkey JIT type confusion exploit.