EUVD-2019-0169

Malware in sbrugna...

EUVD-2019-8966

Malware in sbrugna...

craftercms 4.x.x - CORS

Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Date: 03.07.2023 Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...

Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application...

CVE-2020-1705

The CVE-2020-1705 issue affects openshift/template-service-broker-operator prior to version 4.3.0. The root cause is an insecure modification vulnerability in /etc/passwd, allowing an attacker with container access to modify /etc/passwd and escalate privileges (local, with low privileges required...

CVE-2019-14870

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U MS-SFU Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos...

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

Regular Expression Denial of Service in debug

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. This was later re-introduced in version v3.2.0, and...

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection

vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection + Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage:...

vBulletin Advanced User Tagging Mod - Stored XSS Vulnerability

No description provided by source. Exploit Title: Advanced User Tagging vBulletin - Stored XSS Vulnerability Google Dork: intext:usertagpro Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...

CMS 4.x.x Zorder (SQL Injection Vul)

No description provided by source. + Exploit Title : CMS 4.x.x Zorder SQL Injection Vul + Author : Kr4L BeNiM + Contact : www.facebook.com/kr4l.hacker + Date : November 13, 2011 + Software Link: http://mambo-developer.org + Category: Web Apps Vulnerability: SQL injection Vulnerability Exploit : -...

vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection

vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on:...

vBulletin 4.1.3 SQL Injection

Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on: relevant os CVE : urlhttp://members.vbulletin.com//url...

vBulletin VBExperience Cross Site Scripting

++++++++++++++++++++++++++++++++++++++++ Author : Mr.ThieF alert1; Example : http://www.vbaddict.net/xperience.php?go=ranking&order=asc&sort="alert1; ++++++++++++++++++++++++++++++++++++++++...