Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0d
By having specific DDL permissions set in Oracle 19c, you can bypass access restrictions normally in place for VPD (virtual private database).
ff60854406414096e014384dc484cf5d2a0ecd59484b16d36d5fb5dd40a2a5f3
PPDB version 2.4-update 6118-1 suffers from a remote blind SQL injection vulnerability.
9d523a1c4c7a1e4958bb28bea2acec5647cfe8b259c7789ee6c3b10177fbb4d5
POMS version 1.0 suffers from an ignored default credential vulnerability.
e96b4926531826f22ee72eeb7f339d7761192178a35f69af5d5141abbc8b63c1
Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.
6c367c1c4b085e72851f370194180a14f132217419dbc26645d989d1f50bd05c
PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.
ea0edf3e01f27c48e18ff7db4471b92d0d058e7c65718cf02003efd67a75fb49
Park Ticketing Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1273e992f54e38d81032650942cf05f0d1f6d8b4728541c4e226b2c694587317
Online Travel Agency System version 1.0 suffers from an ignored default credential vulnerability.
33fc5279701fd33248284f756fca51419cb1e797d0158e5bc05d6612e87f5c60
Online Tours and Travels Management System version 1.0 suffers from an ignored default credential vulnerability.
4a5b9ca0712889f86abf481cbffe6181dc9758a00fca6adde682fe4a8dea1f53
Online Survey System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
0660b2849a4e1a0328a3532eed3666413e8e50508288962d63eca364d91fe25c
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a command injection vulnerability.
e6ab13a0246110b44dcdf4979931f3c724f8288c7be0ae45d14d5e88b8828ed4
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 stores sensitive information, such as credentials, in clear text.
8db1a14276a8b4afd861e338c4174f26f883c0e15f48c5cde474fcac3953dedd
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from an improper privilege management vulnerability that can allows for privilege escalation.
2f2ea225657058c95e1bc52540ab6b85b8f472f2bc7c04ebb877194055c37e90
C-MOR Video Surveillance version 5.2401 suffers from a remote shell upload vulnerability.
787e5049c9d126f909aa923e05bb07cd07413bc5154345d71f346e74ec5c9114
C-MOR Video Surveillance version 5.2401 suffers from a path traversal vulnerability.
6fe58f550278f2bf7107e64be242c5fbad1b8ffd839d50b19fc56c102e4780e2
C-MOR Video Surveillance version 5.2401 suffers from an improper access control privilege escalation vulnerability that allows for a lower privileged user to access administrative functions.
32777de2ae7cbdb7a5ea02bd7eb88688b8d67865352de7b14c8e41c4d0568f1a
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a remote SQL injection vulnerability.
3631436bc00a5ef9505d823e81f823511bc49dc2698141fab1c6e02a8b517a74
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a cross site request forgery vulnerability.
280ac578aec4b568b932c6180b77dd607186ef35d18e5d6e3f81d7c2e2a25b04
C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a persistent cross site scripting vulnerability.
1c20fdc720d1f9d37d1f2af502f48729eb04135e13883038d161f9835b8b3f55
C-MOR Video Surveillance version 5.2401 suffers from a reflective cross site scripting vulnerability.
b6dd21760972bd50552c5c42a0225c1feee7b02dec561b4da5ec6673a6543af4
Travel version 1.0 suffers from a remote shell upload vulnerability.
e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2
Webpay E-Commerce version 1.0 suffers from an ignored default credential vulnerability.
0a2cdc637a85014c256571ab2eb19dd8dd8b45d02c59e07da79f3de235193b79
SPIP version 4.2.12 suffers from a code execution vulnerability.
4f6e93dcf418dfadc5d1f98f741eefce85aa39bb2208145b06e1fbe8c74a4707
Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.
7ef39718e1694996d6c3234f87defd525659e7cde8353fa86e03c43c5fd1bf04
Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2aaf65cb555486e2820ada0ce32bf28469f0c31b148f9f82386b338d41703ea5