
130 matches found

Packet Storm
added 2025/03/27 12:00 a.m. · 174 views

University Registration System 1.0 Insecure Direct Object Reference

University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...

6.9 AI score
Exploits: 0
NVD
added 2025/03/20 10:15 a.m. · 5 views

CVE-2024-8789

Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative...

7.5 CVSS · 0.00471 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/09/17 12:00 a.m. · 2 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS version 15, which originates from an application that may be able to obtain root privileges...

7.8 CVSS · 6.3 AI score · 0.00046 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2024/03/14 12:00 a.m. · 14 views

Fedora 38 : rust-routinator (2024-28a151028a)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-28a151028a advisory. from changelog: Fix the RTR listener so that Routinator won't exit if an incoming RTR connection is closed again too quickly. 937, reported by Yohei Nishimura...

7.5 CVSS · 7.4 AI score · 0.00204 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/07/13 12:00 a.m. · 2 views

PT-2023-26107 · Geeklog · Geeklog

Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...

4.8 CVSS · 5.5 AI score · 0.00087 EPSS
Exploits: 1 · References: 6
Tenable Nessus
added 2023/06/27 12:00 a.m. · 32 views

RHEL 8 : python27:2.7 (RHSA-2023:3810)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3810 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types...

7.5 CVSS · 7.5 AI score · 0.01445 EPSS
Exploits: 3 · References: 4
ATTACKERKB
added 2023/06/07 9:15 p.m. · 1 view

CVE-2023-31115

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application...

7.5 CVSS · 5.9 AI score · 0.00278 EPSS
Exploits: 0 · References: 2
CNNVD
added 2023/03/27 12:00 a.m. · 1 view

Apple iOS and iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS, which originates from an application that may be able...

7.8 CVSS · 7.8 AI score · 0.00062 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2023/01/10 3:25 a.m. · 6 views

CVE-2023-0022 Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application...

9.9 CVSS · 9.3 AI score · 0.00849 EPSS
Exploits: 0 · References: 2
wpexploit
added 2022/05/09 12:00 a.m. · 153 views

JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF

The plugin does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator to inject arbitrary JavaScript. XSS will be triggered when...

5.4 CVSS · 0.9 AI score · 0.00084 EPSS
Exploits: 2
0day.today
added 2021/10/25 12:00 a.m. · 218 views

Engineers Online Portal 1.0 - (id) SQL Injection Vulnerability

Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...

0.4 AI score
Exploits: 0
NVD
added 2021/06/25 1:15 p.m. · 14 views

CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application...

7.8 CVSS · 0.00217 EPSS
Exploits: 0 · References: 1
Exploit DB
added 2021/06/14 12:00 a.m. · 167 views

Notex the best notes 6.4 - Denial of Service (PoC)

Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long lis...

7.4 AI score
Exploits: 0
Mageia
added 2021/02/05 11:54 a.m. · 46 views

Updated nodejs-ini package fixes a security vulnerability

It was discovered that there was an issue in nodejs-ini, where an application could be exploited by a malicious input file. This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on th...

9.8 CVSS · 4 AI score · 0.00291 EPSS
Exploits: 1 · References: 2
OSV
added 2020/08/17 7:15 p.m. · 0 views

CVE-2020-1581

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...

7.8 CVSS · 7.3 AI score · 0.09677 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/08/13 12:00 a.m. · 1 view

Microsoft Windows Backup Engine Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Windows Backup Engine is one of the Windows backup engines. An elevation of...

7.8 CVSS · 7.3 AI score · 0.00541 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/08/13 12:00 a.m. · 1 view

Microsoft Windows Function Discovery SSDP Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows Function Discovery SSD...

7.8 CVSS · 7.3 AI score · 0.00401 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/07/17 12:00 a.m. · 3 views

Microsoft Windows Network Connections Service elevation of privilege vulnerability (CNVD-2020-40868)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows Network Connection...

7.8 CVSS · 7.6 AI score · 0.00355 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/07/17 12:00 a.m. · 2 views

Microsoft Windows AppX Deployment Extensions Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows AppX Deployment...

7.8 CVSS · 7.2 AI score · 0.00324 EPSS
Exploits: 0 · References: 1
Microsoft CVE
added 2020/04/14 7:00 a.m. · 104 views

OneDrive for Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status. To exploit this vulnerability, an attacker would...

5.5 CVSS · 2.4 AI score · 0.00475 EPSS
Exploits: 0