Exploit for Code Injection in Microsoft

Reverse Shell-able Exploit POCs Sharing the list of Windows e...

CVE-2025-8440 Team Members <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Team Members plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the first and last name fields in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

WordPress Team Members plugin <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Team Members versions = 5.3.5...

MAL-2025-8440 Malicious code in @mallutrojan005/mallu (npm)

The package @mallutrojan005/mallu was found to contain malicious code...

CVE-2024-8440

creationtimestamp| type| source ---|---|--- 2024-09-11 10:19:26+00:00| seen| https://t.me/cvedetector/5337...

SUSE CVE-2015-8440

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via...

Mageia: Security Advisory (MGASA-2014-0448)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8440

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

CVE-2020-8440

CVE-2020-8440 affects Simplejobscript.com SJS, specifically the controllers/page_apply.php component, up through version 1.66. The issue is an unauthenticated Remote Code Execution vulnerability triggered by uploading a PHP script as a resume, allowing attackers to execute arbitrary code on the s...

CVE-2019-8440

CVE-2019-8440 affects DiliCMS 2.4.0. Affected component: the site_logo field (third textbox) under System setting → site setting in admin/index.php. Description from multiple sources confirms a Stored XSS vulnerability in that field, allowing injection of arbitrary web script/HTML. The root cause...

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/post/windows/priv' require 'msf/core/post/windows/registry' TODO: Do we need this? require 'msf/core/exploit/exe' class...

Immunity Canvas: ALPC_TASKSCHED_LPE

Name| alpctaskschedlpe ---|--- CVE| CVE-2018-8440 Exploit Pack| CANVAS Description| ALPC Tasksched LPE Notes| CVE Name: CVE-2018-8440 Notes: WARNING: The PrintConfig.dll on the target host will be overwritten when the exploit runs. Tested: Windows 10 1703 x64 Windows 10 1803 x86 VENDOR: Microsoft...

CVE-2018-8440

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC, aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8....

CVE-2018-8440

creationtimestamp| type| source ---|---|--- 2018-09-11 23:24:48+00:00| exploited| https://t.me/informationsecuritychannel/20194 2018-09-11 23:30:55+00:00| exploited| https://t.me/cibsecurity/156 2018-09-12 03:14:09+00:00| published-proof-of-concept| https://t.me/ctinow/2319 2018-09-12...

Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday

UPDATE Microsoft has patched an elevation-of-privilege vulnerability it said is actively being exploited by hackers. The fix was part of Microsoft’s scheduled September Patch Tuesday release, which also included fixes for two other bugs found being used in the wild, including the zero-day found i...

Patch Tuesday, September 2018 Edition

Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, includi...

KB4457128: Windows 10 Version 1803 and Windows Server Version 1803 September 2018 Security Update

The remote Windows host is missing security update 4457128. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way...

KB4457143: Windows 8.1 and Windows Server 2012 R2 September 2018 Security Update

The remote Windows host is missing security update 4457143 or cumulative update 4457129. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could...

KB4457140: Windows Server 2012 September 2018 Security Update

The remote Windows host is missing security update 4457140 or cumulative update 4457135. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could...

Elastic Kibana 'CVE-2017-8440' Cross-site scripting (XSS) Vulnerability - Linux

Elastic Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...