Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0dBy having specific DDL permissions set in Oracle 19c, you can bypass access restrictions normally in place for VPD (virtual private database).
ff60854406414096e014384dc484cf5d2a0ecd59484b16d36d5fb5dd40a2a5f3PPDB version 2.4-update 6118-1 suffers from a remote blind SQL injection vulnerability.
9d523a1c4c7a1e4958bb28bea2acec5647cfe8b259c7789ee6c3b10177fbb4d5POMS version 1.0 suffers from an ignored default credential vulnerability.
e96b4926531826f22ee72eeb7f339d7761192178a35f69af5d5141abbc8b63c1Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.
6c367c1c4b085e72851f370194180a14f132217419dbc26645d989d1f50bd05cPDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.
ea0edf3e01f27c48e18ff7db4471b92d0d058e7c65718cf02003efd67a75fb49Park Ticketing Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1273e992f54e38d81032650942cf05f0d1f6d8b4728541c4e226b2c694587317Online Travel Agency System version 1.0 suffers from an ignored default credential vulnerability.
33fc5279701fd33248284f756fca51419cb1e797d0158e5bc05d6612e87f5c60Online Tours and Travels Management System version 1.0 suffers from an ignored default credential vulnerability.
4a5b9ca0712889f86abf481cbffe6181dc9758a00fca6adde682fe4a8dea1f53Online Survey System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0660b2849a4e1a0328a3532eed3666413e8e50508288962d63eca364d91fe25cC-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a command injection vulnerability.
e6ab13a0246110b44dcdf4979931f3c724f8288c7be0ae45d14d5e88b8828ed4C-MOR Video Surveillance versions 5.2401 and 6.00PL01 stores sensitive information, such as credentials, in clear text.
8db1a14276a8b4afd861e338c4174f26f883c0e15f48c5cde474fcac3953deddC-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from an improper privilege management vulnerability that can allows for privilege escalation.
2f2ea225657058c95e1bc52540ab6b85b8f472f2bc7c04ebb877194055c37e90C-MOR Video Surveillance version 5.2401 suffers from a remote shell upload vulnerability.
787e5049c9d126f909aa923e05bb07cd07413bc5154345d71f346e74ec5c9114C-MOR Video Surveillance version 5.2401 suffers from a path traversal vulnerability.
6fe58f550278f2bf7107e64be242c5fbad1b8ffd839d50b19fc56c102e4780e2C-MOR Video Surveillance version 5.2401 suffers from an improper access control privilege escalation vulnerability that allows for a lower privileged user to access administrative functions.
32777de2ae7cbdb7a5ea02bd7eb88688b8d67865352de7b14c8e41c4d0568f1aC-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a remote SQL injection vulnerability.
3631436bc00a5ef9505d823e81f823511bc49dc2698141fab1c6e02a8b517a74C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a cross site request forgery vulnerability.
280ac578aec4b568b932c6180b77dd607186ef35d18e5d6e3f81d7c2e2a25b04C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a persistent cross site scripting vulnerability.
1c20fdc720d1f9d37d1f2af502f48729eb04135e13883038d161f9835b8b3f55C-MOR Video Surveillance version 5.2401 suffers from a reflective cross site scripting vulnerability.
b6dd21760972bd50552c5c42a0225c1feee7b02dec561b4da5ec6673a6543af4Travel version 1.0 suffers from a remote shell upload vulnerability.
e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2Webpay E-Commerce version 1.0 suffers from an ignored default credential vulnerability.
0a2cdc637a85014c256571ab2eb19dd8dd8b45d02c59e07da79f3de235193b79SPIP version 4.2.12 suffers from a code execution vulnerability.
4f6e93dcf418dfadc5d1f98f741eefce85aa39bb2208145b06e1fbe8c74a4707Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.
7ef39718e1694996d6c3234f87defd525659e7cde8353fa86e03c43c5fd1bf04Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2aaf65cb555486e2820ada0ce32bf28469f0c31b148f9f82386b338d41703ea5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed