This exploit targets the 'PTRACE_TRACEME' vulnerability in the Linux Kernel 5.1.x version. It leverages the PolKit_Exec frontend and PolKit_Action to escalate privileges locally. The exploit code has been modified from the original discovery by Jann Horn and the exploit code by BColes. It accesses variables, initiates the SUID process, and attaches to the midpid for further exploitation.
This exploit targets the MicroTik RouterOS SNMPd snmp-set function, causing a denial of service. Other operating systems may also be vulnerable, such as Linux.
Modbus Slave 7.3.1 < 7.4.2 Buffer Overflow
Pinkie 2.15 TFTP Remote Buffer Overflow
The Quick.CMS version 6.7 is vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks. An authenticated attacker can exploit this vulnerability to perform actions on behalf of the victim user and execute malicious scripts in the victim's browser.
The WordPress plugin Contact Form to Email version 1.3.24 is vulnerable to stored cross-site scripting (XSS) attacks. An authenticated attacker can create a new form with a malicious script as the form name. When the form is published, the XSS payload is executed when the form is accessed.
An SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.
Xlight FTP 3.9.3.1 'Access Control List' Buffer Overflow (PoC)
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.
This exploit allows an attacker to execute arbitrary code remotely on the Apache HTTP Server version 2.4.50. The vulnerability was assigned CVE-2021-41773 and CVE-2021-42013.
Services By CQR