21 matches found
Metasploit Wrap-Up 12/19/2025
React2Shell Payload Improvements: Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is...
VulnCheck KEV: CVE-2025-9316
N-central 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4...
CVE-2025-9316
creationtimestamp | type | source
---|---|---
2025-11-18 18:14:32+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-9316.yaml
2025-11-20 13:07:24+00:00 | seen | ...
CVE-2024-9316
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2019-9316
In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112052432...
CVE-2024-9316
creationtimestamp | type | source
---|---|---
2024-09-28 22:50:42+00:00 | seen | https://t.me/cvedetector/6613...
CVE-2024-9316 code-projects Blood Bank Management System B+.php sql injection
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2019-9316
CVE-2019-9316 affects Android’s media stack via the libstagefright component, where a missing variable initialization is cited as the root cause. This flaw could enable remote information disclosure without extra privileges, with user interaction required for exploitation. Affected product is And...
CVE-2015-9316
The CVE applies to the WordPress WP Fastest Cache plugin before 0.8.4.9. Vulnerable component: wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request, where the poll_id parameter is unsafely used in a SQL query, enabling SQL injection. Root cause: improper sanitization/escaping in the AJAX hand...
CVE-2018-9316
CVE-2018-9316 is a reservation duplicate of CVE-2018-9312. The connected CVE-2018-9312 describes a vulnerability in BMW Head Unit HU_NBT (Infotainment) used across i/X3/3/5/7 Series models (2012–2018). It allows a local attack when a USB device is plugged in. The vulnerability affects the Head Un...
CVE-2017-9316
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...
CVE-2016-9316
Trend Micro IWSVA 6.5.x before Build 1737 is affected by CVE-2016-9316 due to improper validation in the updateaccountadministration servlet, allowing authenticated remote attackers with minimal privileges to trigger stored XSS via accountnamelocal/description parameters. Impact per sources is st...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 - Multiple Vulnerabilities
Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 28/11/2016 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://www.trendmicro.com/us/enterprise/network-security/interscan-web-security/virtual-appliance/ Version...
CVE-2016-9316
creationtimestamp | type | source
---|---|---
2016-11-28 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/41361...
FreeBSD : ffmpeg -- multiple vulnerabilities (65b14d39-d01f-419c-b0b8-5df60b929973)
Please reference CVE/URL list for details %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and use in source VuXML and...
CVE-2014-9316
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file...
CVE-2014-9316
FFmpeg CVE-2014-9316 affects the mjpeg_decode_app in libavcodec/mjpegdec.c and can cause a denial of service (out-of-bounds heap access) via MJPEG LJIF tag vectors. Vulnerable versions include FFmpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4. The issue arises from improper bounds ...