2033 matches found

RedHat Linux
added 2022/01/25 6:4 p.m. · 3 views

polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8 CVSS · 7.1 AI score · 0.94921 EPSS
Exploits 151 · References 7
CNNVD
added 2022/01/24 12:0 a.m. · 3 views

CodeIgniter Cross-Site Scripting Vulnerability

CodeIgniter is an open source web framework written in the PHP language. CodeIgniter 4 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

6.1 CVSS · 6.1 AI score · 0.01002 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/01/20 12:0 a.m. · 3 views

PT-2022-7035 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: Reolink RLC-410W version 3.0.0.136 20121102 Description: A memory corruption issue exists in the netserver parse command list functionality, related to an out-of-bounds write operation. This can be triggered by a specially-crafted HTTP reques...

9.3 CVSS · 8.9 AI score · 0.0128 EPSS
Exploits 0 · References 7
CNNVD
added 2022/01/19 12:0 a.m. · 3 views

Thales Sentinel Protection Installer Security Vulnerability

Thales Group Thales Sentinel Protection Installer is an integrated installer from the French company Thales Group. A security vulnerability exists in Thales Sentinel Protection Installer, which can be exploited by an attacker to execute code as a privileged user on a system on which the agent is...

7.8 CVSS · 7.6 AI score · 0.00315 EPSS
Exploits 0 · References 3
Github Security Blog
added 2022/01/13 3:0 p.m. · 27 views

Prototype Pollution in realms-shim

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...

9.8 CVSS · 5.4 AI score · 0.01762 EPSS
Exploits 1 · References 4 · Affected Software 1
GithubExploit
added 2022/01/13 6:29 a.m. · 610 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2021-26084, a pre-auth RCE injecti...

9.8 CVSS · 8.8 AI score · 0.99999 EPSS
Exploits 45
RedHat Linux
added 2022/01/12 12:8 p.m. · 0 views

Mozilla: Browser window spoof using fullscreen mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode...

4.3 CVSS · 7.3 AI score · 0.00643 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2022/01/12 12:0 a.m. · 2 views

The vulnerability of the `__rds_conn_create()` function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the `__rds_conn_create()` function in net/rds/connection.c in the Linux operating system is related to memory release errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS · 6.5 AI score · 0.00353 EPSS
Exploits 0 · References 22 · Affected Software 3
OSV
added 2022/01/10 2:12 p.m. · 1 views

CVE-2022-21823

An insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control 2021.2 10.7.30.0 that could allow an attacker with locally authenticated low privileges to obtain key information due to an unspecified attack vector...

5.5 CVSS · 6.1 AI score · 0.00349 EPSS
Exploits 0 · References 1
NVD
added 2022/01/10 2:10 p.m. · 18 views

CVE-2021-23543

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector...

9.8 CVSS · 0.01762 EPSS
Exploits 1 · References 2
CNNVD
added 2022/01/10 12:0 a.m. · 4 views

Samsung Reminder App Code Injection Vulnerability

Samsung Reminder App is a reminder application from Samsung South Korea that comes pre-installed on Korean branded Samsung devices. The Samsung Reminder App suffers from a security vulnerability that allows an attacker to perform privileged actions by hijacking and modifying intent...

7.1 CVSS · 7.1 AI score · 0.00276 EPSS
Exploits 0 · References 2
CNNVD
added 2022/01/10 12:0 a.m. · 3 views

Ivanti Workspace Control Security Vulnerability

Ivanti Workspace Control RES One Workspace is a set of workspace control software from Ivanti, USA. The software includes features such as user management, application management and report management. A security vulnerability exists in versions prior to Ivanti Workspace Control 2021.2 10.7.30.0,...

5.5 CVSS · 5.8 AI score · 0.00349 EPSS
Exploits 0 · References 1
0day.today
added 2022/01/10 12:0 a.m. · 256 views

Online Railway Reservation System 1.0 - (id) SQL Injection Vulnerability

Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

0.5 AI score
Exploits 0
0day.today
added 2022/01/07 12:0 a.m. · 299 views

Online Veterinary Appointment System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

0.6 AI score
Exploits 0
Packet Storm
added 2022/01/07 12:0 a.m. · 306 views

Online Veterinary Appointment System 1.0 SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

0.7 AI score
Exploits 0
Exploit DB
added 2022/01/07 12:0 a.m. · 386 views

Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

7.4 AI score
Exploits 0
0day.today
added 2022/01/05 12:0 a.m. · 214 views

Hospitals Patient Records Management System 1.0 - Account TakeOver Vulnerability

Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

0.1 AI score
Exploits 0
0day.today
added 2022/01/05 12:0 a.m. · 219 views

CMSimple 5.4 - Cross Site Scripting Vulnerability

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the delete button, an...

Exploits 0
0day.today
added 2022/01/05 12:0 a.m. · 218 views

Hospitals Patient Records Management System 1.0 - (id) SQL Injection (Authenticated) Vulnerability

Exploit Title: Hospitals Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...

0.1 AI score
Exploits 0
Exploit DB
added 2022/01/05 12:0 a.m. · 252 views

CMSimple 5.4 - Cross Site Scripting (XSS)

Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...

7.4 AI score
Exploits 0