16 matches found
EUVD-2006-6412
Malware in sbrugna...
EUVD-2008-1752
Malware in sbrugna...
EUVD-2004-0160
Malware in sbrugna...
EUVD-2022-2124
Malicious code in bioql PyPI...
EUVD-2022-41048
Malicious code in bioql PyPI...
CVE-2025-21012
Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration...
CVE-2025-44652
In Netgear RAX30 V1.0.10.943, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected...
CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument dbpass leads to code injection. It is possible to initiate the atta...
CVE-2019-6663
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning DNS Rebinding attack...
Improperly Configured rack_attack.rb does not prevent rate limit attacks
Description: The lobsters repository depends upon rack_attack.rb to prevent rate limit attacks against the /login or the /login/setnewpassword endpoint, allowing for only 4 requests in a minute. However, this can be bypassed by simply appending some strings like /login.turtles to the endpoint. Proo...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the vulnerable configuration is present. The exploit targets PHP 7+ and works by appending a specially...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
CVE-2015-7703
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration...
Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting
This is a module that performs blind SQL injection by using the bitshifting method to calculate characters instead of guessing them. It requires 7/8 requests per character, depending on the configuration. Usage import blind-sql-bitshifting as x Edit this dictionary to configure attack vectors...
CVE-2014-4703
lib/parseini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701...
CVE-2014-4703
lib/parseini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701...