468 matches found
PT-2025-32196 · Aomei · Aomei Backupper Workstation
Name of the Vulnerable Software and Affected Versions: AOMEI Backupper Workstation affected versions not specified Description: A local privilege escalation issue exists in AOMEI Backupper Workstation due to a link following flaw. This allows an attacker to gain elevated privileges on a compromis...
Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?
In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 - Spring4shell To run the vulnerable SpringBoot...
(0Day) Ecava IntegraXor Inkscape EMF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ecava IntegraXor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
Exploit for Path Traversal in Grafana
Grafana V8. Arbitrary File Reading Vulnerability – Multi-t...
CVE-2021-37976
Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:27pm UTC reported: More info will be available at...
CVE-2014-4114
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a...
Gadget Works Online Ordering System 1.0 SQL Injection / Code Execution Vulnerabilities
Exploit Title: Gadget works online ordering system - Authentication Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 SQL Injection...
CMSimple 5.2 - (External) Stored XSS Vulnerability
Exploit Title: CMSimple 5.2 - 'External' Stored XSS Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...
CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as...
Google reveals details on active vulnerability affecting Windows 10, 7
By Waqas Google Project Zero has disclosed a Windows 0day vulnerability that lets attackers to escape Chrome sandboxes and run malware on Windows. This is a post from HackRead.com Read the original post: Google reveals details on active vulnerability affecting Windows 10, 7...
Fedora 31 : firefox (2020-8a36678d16)
New upstream version 74.0.1, fixed 0day vulnerability Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
CVE-2020-8468
Trend Micro Apex One 2019, OfficeScan XG and Worry-Free Business Security 9.0, 9.5, 10.0 agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication. Recent...
CVE-2019-7286
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. Recent assessments: gwillcox-r7 at November 22, 2020 2:38am UTC reported: Reported as...
CVE-2019-7287
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: gwillcox-r7 at November 22, 2020 2:38am UTC reported: Reported as exploited in the wild as pa...
SSDWLAB 6.1 - Authentication #Bypass Vulnerability
Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
CVE-2019-1367
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1221. Recent assessments: gwillcox-r7 at November 22, 2020 2:47am UTC...
CVE-2019-11708
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...
CVE-2019-3568
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to...