19 matches found
CVE-2026-44888
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values (e.g., SMTPPORT) directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...
CVE-2025-55462
A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...
CVE-2025-67826
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit...
EUVD-2022-49970
Malicious code in bioql PyPI...
CVE-2025-6020
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...
GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...
CVE-2024-25738
Vulnerability summary: Open Library Foundation VuFind versions 2.0–9.1 before 9.1.1 have a Server-Side Request Forgery (SSRF) in the /Upgrade/FixConfig route. The issue lets a remote attacker overwrite local configuration files and could lead to Remote Code Execution, enabled when allow_url_incl...
PT-2023-4089 · Pam Krb5 +2 · Pam Krb5 +2
Name of the Vulnerable Software and Affected Versions: pam krb5 (affected versions not specified). Description: The issue is related to the incorrect implementation of the authentication algorithm in the pam krb5 module. This allows an attacker to gain unauthorized access to the system by controllin...
Moodle Pre-Auth Remote Code Execution 0day Exploit
The exploit allows remote code execution, works with default installations and should not require any authentication or user interaction. 0day exploit affecting recent versions of Moodle...
WordPress 5.9.0 core Remote Code Execution 0day Exploit
This Python exploit allows remote code execution, works with default installations and should not require any authentication or user interaction...
PT-2019-17017 · Ibm · Ibm Storwize V7000 Unified
Name of the Vulnerable Software and Affected Versions: IBM Storwize V7000 Unified 2073 version 1.6. Description: The issue allows an attacker to reveal the server version in a default installation, which could be used in further attacks against the system. Recommendations: For IBM Storwize V7000...
WebEx Local Service Permissions Code Execution Exploit
This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
WebEx - Local Service Permissions Exploit (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...
WebEx Local Service Permissions Exploit
This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
Hadoop, CouchDB Next Targets in Wave of Database Attacks
Insecure Hadoop and CouchDB installations are the latest targets of cybercriminals who are hijacking and deleting data. Last week, security researchers said 28,000 MongoDB and Elasticsearch installations were hacked in a new wave of attacks against unprotected open source data management platform...
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski http://legalhackers.com This is a limited version of the PoC exploit. It only...
PostgreSQL for Linux Payload Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/postgres' class Metasploi...
CVE-2002-2037
The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest...