imagine this: you install an innocent-looking app from the Play Store. It requests zero dangerous permissions. It sits quietly in your app drawer. The next time you tap “Login with…
>> TAG: #0day
KodExplorer 4.49 – CSRF to Arbitrary File Upload
Microsoft Word 16.72.23040900 – Remote Code Execution (RCE)
Bang Resto v1.0 – ‘Multiple’ SQL Injection
Bang Resto v1.0 – Stored Cross-Site Scripting (XSS)
AspEmail v5.6.0.2 – Local Privilege Escalation
Swagger UI 4.1.3 – User Interface (UI) Misrepresentation of Critical Information
Franklin Fueling Systems TS-550 – Default Password
GDidees CMS 3.9.1 – Local File Disclosure
Chitor-CMS v1.1.2 – Pre-Auth SQL Injection