CVE-2021-0106

Incorrect default permissions in the IntelR OptaneTM DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2021-0106

Incorrect default permissions in the IntelR OptaneTM DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2021-0106

CVE-2021-0106 affects Intel Optane DC Persistent Memory for Windows. The vulnerability stems from incorrect default permissions in software versions before 2.00.00.3842 or 1.00.00.3515, potentially allowing an authenticated user to escalate privileges via local access. Intel’s advisory (Intel SA-...

Intel® Optane™ DC Persistent Memory for Windows June 2021 Security Update

Intel has informed HP of a potential security vulnerability in the Intel® Optane™ DC Persistent Memory for Windows software which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...

Shepard - In Progress Persistent Download/Upload/Execution Tool Using Windows BITS

This is an IN PROGRESS persistance tool using Windows Background Intelligent Transfer Service BITS. Functionality: File Download, File Exfiltration, File Download + Persistent Execution Usage: run shepard.exe as Administrator with the following command line arguments -d remoteLocation, writePath:...

CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting (XSS)

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Gadget Works Online Ordering System 1.0 Cross Site Scripting

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Gadget Works Online Ordering System 1.0 - (Category) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1....

CVE-2021-30082

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard...

CVE-2021-30082

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard...

Cross site scripting

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard...

CVE-2021-30082

Gris CMS v0.1 is affected by a persistent XSS vulnerability in admin/dashboard due to insufficient validation of client data. This allows remote attackers to inject arbitrary script/HTML. CNVD notes potential credential theft; no remediation details are provided in the supplied documents.

CVE-2021-30082

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard...

Security update for cacti, cacti-spine (important)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2021:0787-1 Rating: important References: 1180804 Cross-References: CVE-2020-35701 CVSS scores: CVE-2020-35701 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...

CVE-2021-27463

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive...

Information disclosure

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive...

CVE-2021-31930

Persistent cross-site scripting XSS in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the...