CVE-2022-23737 Improper Privilege Management in GitHub Enterprise Server leading to page creation and deletion

An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This...

CVE-2022-3360 LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers...

CVE-2022-35270

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

CVE-2022-35267

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...

CVE-2022-3338 XXE in Trellix ePO server

An External XML entity XXE vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...

CVE-2022-29089

Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST A...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5536-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5536-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

IBM Engineering Systems Design Rhapsody Access Control Error Vulnerability

IBM Engineering Systems Design Rhapsody is part of the IBM Engineering product portfolio from IBM Corporation, USA. It provides a collaborative design development and test environment for systems engineers supporting UML, SysML, UAF and AUTOSAR. An access control error vulnerability exists in IBM...

EUVD-2021-11133

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

Cisco Data Center Network Manager SQL Injection Vulnerability (CNVD-2021-09306)

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in al...

Acunetix WVS 10 Local Privilege Escalation

''' ======================================================================== Acunetix WVS 10 - from guest to Sytem Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege escalation Vendor: Acunetix ltd Remote: No...

Immunity Canvas: SPEECH

Name| speech ---|--- CVE| CVE-2007-2222 Exploit Pack| CANVAS Description| Microsoft Speech API 4v MS07-033 Notes| CVE Name: CVE-2007-2222 VENDOR: Microsoft MSADV: MS07-033 Repeatability: Infinite client side - no crash MSRC: http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx CVE URL...