The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.
2c54899cf0b5cf9ab027a5329061b62eStudent Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
5461c3ba471eba425783842dcc1f9e29Podcast Generator version 3.1 suffers from a persistent cross site scripting vulnerability.
ae8038f9be106fca0d51f9c7a9b18969Chamilo LMS version 1.11.14 authenticated remote code execution exploit.
5a8f8f1545cefe375862b9f2c4609083There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
50dcfd05a094914cf819e98d3f2de507Firefox 72 IonMonkey JIT type confusion exploit.
7a96469356a9cfa5498f5fb7edfb4a08ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
04c215bbe62a07fd802ce382554daf46Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
f762d7cc3b848be95e980dbf64f8fd46ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
3ad6c1b0c4cf0a0d3c8de295a42f4340OpenPLC WebServer version 3 authentication remote code execution exploit.
b43b406cdd773e40446d95720bd60c23Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
590039c72fd98d00add5038df52eb7a0ZeroShell version 3.9.0 remote command execution exploit.
6136d89b624e83529112cda72e8b9e5eThe Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.
970b0826e9c53e62fb981f362a8095f7This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
1fba1ff491cb6bf069766f65d4437c6eThe Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.
ad4654c8ed7054c3225224811ba94b15The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.
ae8247dda745d9d8d6c85bfb03878028The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.
12c1abb8e71fc62e306c9bc1dea254d3Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.
487f9e14ba262dfab66e64b94678938bChevereto version 3.17.1 suffers from a persistent cross site scripting vulnerability.
d2fa311cc91e61a5447460593e31993dAndroid NFC suffers from a type confusion vulnerability in nfa_rw_sys_disable.
c8afe4ec5b084a950377d0e1557801f8Splinterware System Scheduler Professional version 5.30 suffers an unquoted service path vulnerability that allows for privilege escalation.
8f6dbe88705c0cb72b7fc1c5e9131bafOdoo version 12.0.20190101 suffers from an unquoted service path vulnerability.
2818299cf76dd1bf13481c862d845df4Customer Relationship Management (CRM) System version 1.0 suffers from a remote shell upload vulnerability.
fd0485926223aa2206f5546dccf46c64Customer Relationship Management (CRM) System version 1.0 suffers from a persistent cross site scripting vulnerability.
cf0d47675e4753962da5db34f3ef7c4dCustomer Relationship Management (CRM) System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
df2f1ca3c4905b571716bcf98058482c
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed