1224 matches found
Joomla! 3.x < 3.10.17 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.17, 4.x prior to 4.4.7 or 5.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - The stripImages and stripIframes methods didn't properly process inputs,...
CVE-2024-45159
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...
CVE-2024-45159
CVE-2024-45159 affects Mbed TLS 3.x before 3.6.1. In TLS 1.3, when a server enables optional client authentication and the client certificate lacks proper values in keyUsage or extKeyUsage, mbedtls_ssl_get_verify_result() may incorrectly clear MBEDTLS_X509_BADCERT_KEY_USAGE bits. This can allow a...
CVE-2024-45506
HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding h2send loop under a certain set of conditions, as exploited in the wild in 2024...
Samba read_nttrans_ea_list Integer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/struct2' class MetasploitModule 'Samba readnttransealist Integer Overflow', 'Description' = %q Integer overflow in the readnttransealist function in nttrans...
Exploit for Improper Input Validation in Cacti
This repository is a PoC exploit for CVE-2024-25641, a vulnerabi...
CBL Mariner 2.0 Security Update: ruby (CVE-2024-27282)
The version of ruby installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27282 advisory. - An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex...
PT-2024-29681
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.x through 1.1.1 OpenSSL versions 3.x through 3.0.5 OpenSSL versions prior to 17.0.5 Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allow...
Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cache
LiteSpeed Cache Privilege Escalation PoC - CVE-2024-28000 Thi...
Joomla 3.0.x < 3.10.17 / 4.0.x < 4.4.7 / 5.0.x < 5.1.3 Multiple Vulnerabilities (5910-joomla-5-1-3-and-4-4-7-security-and-bug-fix-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 3.10.17, 4.0.x prior to 4.4.7, or 5.0.x prior to 5.1.3. It is, therefore, affected by multiple vulnerabilities. - Inadequate validation of URLs could result into an invalid check...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...
Exploit for Incorrect Authorization in Nexxtsolutions Nebula1200-Ac_Firmware
EN This project provides a proof-of-concept exploit for a remo...
Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System
CVE-2024-2997 Scanner !Versionhttps://img.shields.io/badge...
Exploit for Path Traversal in Microsoft
Exploiting Follina CVE and CVE-2021-40444 Vulnerabilities...
Exploit for OS Command Injection in Netgate Pfblockerng
CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linux Linux_Kernel
🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...
Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
Exploit for Race Condition in Openbsd Openssh
🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...
CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
Exploit for CVE-2023-33105
CVE-2023-33105: Transient DOS in WLAN Host and Firmware Ov...