Lucene search

157 matches found

AlpineLinux
added 2022/04/19 8:38 p.m. | 35 views

CVE-2022-21476

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...

CVSS 7.5 | AI score 7.3 | EPSS 0.03825
Exploits 0

CVE
added 2022/04/01 10:17 p.m. | 111 views

CVE-2021-32933

MDT AutoSave (MDT Software) prior to v6.02.06 is affected by a command-injection vulnerability in the API that fails to validate input, enabling an attacker to pass a malicious file and manipulate the process creation command line to execute a malicious process. The issue is documented across mul...

CVSS 10 | AI score 9.5 | EPSS 0.0117
Exploits 0 | References 1 | Affected Software 2

Vulnrichment
added 2022/04/01 10:17 p.m. | 4 views

CVE-2021-32933 MDT AutoSave Command Injection

An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process...

CVSS 10 | AI score 6.8 | EPSS 0.0117
Exploits 0 | References 1

Prion
added 2021/10/20 11:16 a.m. | 21 views

Code injection

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

CVSS 5 | AI score 5.4 | EPSS 0.06322
Exploits 0 | References 9 | Affected Software 5

Vulnrichment
added 2021/10/20 10:50 a.m. | 18 views

CVE-2021-35588

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVSS 3.1 | AI score 5.7 | EPSS 0.03699
Exploits 0 | References 8

CNVD
added 2021/10/14 12:0 a.m. | 7 views

Zoho ManageEngine OpManager SQL Injection Vulnerability (CNVD-2021-88240)

ZOHO ManageEngine OpManager is an end-to-end integrated network management software, which can realize all-round, visualized, unified and centralized monitoring and management of IT infrastructure such as network devices, servers, hosts, WAN links, applications and services within the...

CVSS 9.8 | AI score 7.6 | EPSS 0.50209
Exploits 0 | References 1

Veracode
added 2020/12/06 4:39 a.m. | 47 views

HTTP Request Smuggling

nginx is vulnerable to HTTP request smuggling. A remote attacker is able to smuggle HTTP requests via the ngx.location.capture API...

CVSS 7.5 | AI score 1.3 | EPSS 0.02599
Exploits 0 | References 6 | Affected Software 3

RedhatCVE
added 2020/11/29 7:58 a.m. | 42 views

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 6.8 | AI score 2.1 | EPSS 0.03392
Exploits 0 | References 2

Github Security Blog
added 2020/07/27 5:47 p.m. | 41 views

Authorization Bypass in I hate money

Impact: An authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's private code. With the default...

CVSS 4.9 | AI score 0.3 | EPSS 0.01029
Exploits 0 | References 5 | Affected Software 1

OSV
added 2020/04/15 2:15 p.m. | 6 views

CVE-2020-2830

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 5.3 | AI score 6.5
Exploits 0 | References 13

FireEye
added 2020/01/31 12:0 a.m. | 45 views

Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D

DLL Abuse Techniques Overview: Dynamic-link library (DLL) side-loading occurs when Windows Side-by-Side (WinSxS) manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious...

Exploits 0 | References 26

CVE
added 2019/07/23 10:31 p.m. | 433 views

CVE-2019-2745

CVE-2019-2745 is an OpenJDK/Java SE vulnerability in the Security subcomponent with affected Java versions including 7u221, 8u212, and 11.0.3. Multiple advisories (CentOS, RHEL/CentOS, Debian) describe this as a side-channel risk in EC cryptography or related OpenJDK components, with exploitation...

CVSS 5.1 | AI score 4.8 | EPSS 0.0046
Exploits 0 | References 7 | Affected Software 2

Hacker One
added 2018/10/20 11:17 a.m. | 37 views

X (Formerly Twitter): CORS misconfig | Account Takeover

Summary: CORS misconfig is found on niche.co as Access-Control-Allow-Origin is dynamically fetched from client Origin header with credential true and different methods are enabled as well. Description: Basically, the application was only checking whether "//niche.co" was in the Origin header, tha...

AI score 6.9
Exploits 0

Prion
added 2018/01/18 2:29 a.m. | 21 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 4.3 | AI score 4.1 | EPSS 0.04706
Exploits 0 | References 22 | Affected Software 16

exploitpack
added 2016/11/02 12:0 a.m. | 35 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...

AI score 0.3
Exploits 0

0day.today
added 2015/12/02 12:0 a.m. | 59 views

Acunetix WVS 10 - Local Privilege Escalation Exploit

Exploit for Windows platform in category local exploits. Acunetix WVS 10 - from guest to System Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local...

CVSS 7.2 | AI score 6.4 | EPSS 0.01158
Exploits 5

exploitpack
added 2000/02/04 12:0 a.m. | 16 views

Cat Soft Serv-U FTP Server 2.5ab (Windows 95/98/2000/NT 4.0) - Shortcut

Cat Soft Serv-U FTP Server 2.5ab Windows 95/98/2000/NT 4.0 - Shortcut Cat Soft Serv-U 2.5/a/b,Windows 2000 Advanced Server/2000 Datacenter Server/2000 Professional/2000 Server/2000 Terminal Services/95/98/NT 4.0/NT Enterprise Server 4.0/NT Server 4.0/NT Terminal Server 4.0/NT Workstation 4.0 Shortcu...

AI score 7.4
Exploits 0