Exploit for Out-of-bounds Write in Polkit_Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Loca...

CVE-2020-15249 Stored XSS by authenticated backend user with access to upload files

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since S...

Design/Logic Flaw

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server...

CVE-2020-5295 Local File read vulnerability in OctoberCMS

In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...