EUVD-2025-16726

Malicious code in bioql PyPI...

Linux kernel versions 6.8. Local Privilege Escalation 0day Exploit

...

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Date: 03.17.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

Joomla! 4.1.2 Shell Upload 0day Exploit

...

Hotmail.com reset account 0day Exploit

Hotmail.com 0day Exploit can reset any email account...

Log4j 0day mitigation update CVE-2021-44228

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit i...

NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit

Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...

LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability

Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux CVE: CVE-2021-335...

EspoCRM 5.8.5 - Privilege Escalation Vulnerability

Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...

YARA webinar follow up

If you read my previous blogpost Hunting APTs with YARA then you probably know about the webinar we conducted on March 31, 2020, showcasing some of our experience in developing and using YARA rules for malware hunting. In case you missed the webinar - or if you attended and want to re-watch it -...

AVideo Platform 8.1 - Information Disclosure (User Enumeration) Vulnerability

Exploit for jsp platform in category web applications Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset) Vulnerability

Exploit for jsp platform in category web applications Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi Tested on: Kali Linux Version...

TP-Link Archer VR300 1 Cross Site Scripting Vulnerability

Exploit for hardware platform in category web applications I. VULNERABILITY ------------------------- Stored XSS Vulnerability on TP-Link Archer VR300 v1 - firmware version: 1.3.0 0.8.0 v007b.1 build 180905 Rel.55344n II. CVE REFERENCE ------------------------- - III. VENDOR...

vBulletin 5.x Pre-Auth Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...

SOCA Access Control System 180612 - CSRF (Add Admin) Vulnerability

Exploit for php platform in category web applications SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximity and Fingerprint...

CVE-2019-5786: chrome in the wild exploit 0day vulnerability alerts-a vulnerability alert-the black bar safety net

! 0x00 vulnerability background Beijing 3 month 6 days, 360CERT monitoring to chrome release version update72.0.3626.119-72.0.3626.121, fixes in the wild using CVE-2019-5786。 The vulnerability to harm is more serious, a greater impact. 0x01 vulnerability details CVE-2019-5786 is located on the...

ManageEngine OpManager 12.3 Privilege Escalation Vulnerability

ManageEngine OpManager version 12.3 suffers from a weak permissions issue in which an attacker can replace the service binary with a binary of his choice. This service runs as Localsystem thus allowing for a privilege escalation vector. ManageEngine OpManager Privilege Escalation Vendor: Zoho...

Matrix MLM Script 1.0 SQL Injection Vulnerability

Matrix MLM Script version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Matrix MLM Script 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link:...