348 matches found
PT-2025-32196 · Aomei · Aomei Backupper Workstation
Name of the Vulnerable Software and Affected Versions: AOMEI Backupper Workstation affected versions not specified Description: A local privilege escalation issue exists in AOMEI Backupper Workstation due to a link following flaw. This allows an attacker to gain elevated privileges on a compromis...
Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?
In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 - Spring4shell To run the vulnerable SpringBoot...
(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
Exploit for Path Traversal in Grafana
Grafana V8. Arbitrary File Reading Vulnerability – Multi-t...
CVE-2021-37976
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:27pm UTC reported: More info will be available at...
CVE-2014-4114
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a...
Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution Vulnerabilities
Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 SQL Injection...
CMSimple 5.2 - (External) Stored XSS Vulnerability
Exploit Title: CMSimple 5.2 - 'External' Stored XSS Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...
CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as...
Fedora 31 : firefox (2020-8a36678d16)
New upstream version 74.0.1, fixed 0day vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
CVE-2019-7287
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: gwillcox-r7 at November 22, 2020 2:38am UTC reported: Reported as exploited in the wild as pa...
CVE-2019-7286
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. Recent assessments: gwillcox-r7 at November 22, 2020 2:38am UTC reported: Reported as...
SSDWLAB 6.1 - Authentication #Bypass Vulnerability
Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
CVE-2019-3568
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Exploit Author: Alexander Bluestein Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/service-desk/download.htm...
CVE-2019-0703
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka ‘Windows SMB Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. Recent assessments: gwillcox-r7 at November 22, 2020 2:42am UTC reported...
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
Exploit for linux platform in category local exploits runc . + constructed fdpath + badinit is ready -- see for logs. dying to allow /proc/self/exe to be unused... % cat /usr/sbin/docker-runc !/bin/bash touch /w00tw00t ; cat /etc/shadow And now if you try to use Docker normally, t...
Tebilisim Remote File Read Vulnerability
Exploit for php platform in category web applications This is private exploit. You can buy it at https://0day.today...