2033 matches found

ATTACKERKB
added 2021/01/12 12:0 a.m. | 580 views

CVE-2021-1647 Microsoft Windows Defender Zero-Day Vulnerability

Microsoft Defender Remote Code Execution Vulnerability Recent assessments: cdelafuente-r7 at January 13, 2021 3:55pm UTC reported: No useful information has been published so far and most of the speculations found online are based on the CVSS 3.0 metrics found in the advisory. That said, the atta...

CVSS 7.8 | AI score 8.1 | EPSS 0.39653
In wild | Exploits 0 | References 4

Prion
added 2020/12/18 12:15 a.m. | 20 views

Information disclosure

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet IRP can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability...

CVSS 2.1 | AI score 6.1 | EPSS 0.00509
Exploits 1 | References 1 | Affected Software 1

ThreatPost
added 2020/12/16 5:5 p.m. | 42 views

The SolarWinds Perfect Storm: Default Password, Access Sales and More

SECOND UPDATE A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password “SolarWinds123” that gave attackers an open door into its...

AI score 7.5
Exploits 0 | References 19

CVE
added 2020/12/15 3:38 p.m. | 39 views

CVE-2020-35395

CVE-2020-35395 describes a stored XSS vulnerability in the EGavilan Media Expense Management System 1.0, affecting the Add Expense Component. The underlying issue is that the attacker-supplied string in the description field can inject JavaScript, leading to persistent client-side code execution....

CVSS 6.1 | AI score 6 | EPSS 0.00846
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2020/12/08 12:0 a.m. | 4 views

Microsoft Exchange Server Code Injection Vulnerability

Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. A remote code execution vulnerability exists in Microsoft Exchange Server. An attacker could exploit this vulnerability to achieve remote code execution...

CVSS 8.4 | AI score 7.9 | EPSS 0.07404
Exploits 1 | References 4

CNVD
added 2020/12/04 12:0 a.m. | 6 views

ImageMagick Digital Error Vulnerability (CNVD-2021-10264)

ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A numeric error vulnerability exists in GammaImage in /MagickCore/enhance.c in versions of ImageMagick prior to 7.0.8-68. An attacker could cause a denial of service b...

CVSS 5.5 | AI score 7.2 | EPSS 0.01365
Exploits 0 | References 1

Packet Storm
added 2020/12/04 12:0 a.m. | 992 views

Perfex CRM 2.4.4 Cross Site Scripting

Document Title: =============== Perfex v2.4.4 CRM - Print Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2231 Release Date: ============= 2020-06-24 Vulnerability Laboratory ID VL-ID: ==================================== 22...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/03 12:0 a.m. | 116 views

User Registration & Login and User Management System 2.1 - Cross Site Request Forgery

Exploit Title: User Registration & Login and User Management System 2.1 - Cross Site Request Forgery Exploit Author: Dipak Panchal (th3.d1p4k) Vendor Homepage: https://phpgurukul.com Software Link: http://user-registration-login-and-user-management-system-with-admin-panel Version: 5 Tested on Window...

AI score 7.4
Exploits 0

Packet Storm
added 2020/12/02 12:0 a.m. | 388 views

EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...

AI score 0.6
Exploits 0

Exploit DB
added 2020/12/02 12:0 a.m. | 414 views

Under Construction Page with CPanel 1.0 - SQL injection

Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection Date: 17-11-2020 Exploit Author: Mayur Parmar (th3cyb3rc0p) Vendor Homepage: http://egavilanmedia.com Software Link: http://egavilanmedia.com/under-construction-page-with-cpanel/ Version: 1.0 Tested on: PopOS SQL Injection: SQL...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/02 12:0 a.m. | 427 views

Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting

Exploit Title: Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting Date: 24-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html Software Link:...

AI score 7
Exploits 0

CVE
added 2020/12/01 5:48 p.m. | 100 views

CVE-2020-8539

CVE-2020-8539 affects Kia Motors head units (SOP.003.30.18.0703, SOP.005.7.181019, SOP.007.1.191209). The vulnerability arises from an arbitrary command execution via the micomd daemon, enabling an attacker with local access to inject commands and generate CAN frames on the M-CAN multimedia bus. ...

CVSS 7.8 | AI score 7.6 | EPSS 0.02257
Exploits 2 | References 2 | Affected Software 1

Exploit DB
added 2020/11/25 12:0 a.m. | 1065 views

WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Mayur Parmar Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: PopOS Stored Cross-site scripting (XSS): Stored attacks are those where the injected script is permanently store...

AI score 7.4
Exploits 0

CNVD
added 2020/11/24 12:0 a.m. | 1 views

Task Center has an unauthorized access vulnerability

Task Center is a management system. An unauthorized access vulnerability exists in Task Center. An attacker could exploit this vulnerability to obtain sensitive information...

AI score 6.7
Exploits 0

Exploit DB
added 2020/11/24 12:0 a.m. | 751 views

OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Windows 10/Kali Linux CVE:...

CVSS 4.8 | AI score 5.5 | EPSS 0.0169
Exploits 2

Packet Storm
added 2020/11/20 12:0 a.m. | 778 views

Wonder CMS 3.1.3 Cross Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux Stored Cross-site scripting (XSS): Stored XSS, also known as persistent XS...

AI score 7.4
Exploits 0

Exploit DB
added 2020/11/20 12:0 a.m. | 1032 views

WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29233 Stored Cross-site scripting (XSS): Stored XSS, also...

CVSS 5.4 | AI score 5.8 | EPSS 0.01271
Exploits 2

Exploit DB
added 2020/11/17 12:0 a.m. | 819 views

Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting

Exploit Title: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-12 Vendor Homepage: https://froxlor.org/ Software Link: https://froxlor.org/download/ Version: 0.10.16 Document Title: =============== Froxlor v0.10.16 ...

AI score 7.4
Exploits 0

Exploit DB
added 2020/11/17 12:0 a.m. | 1148 views

SugarCRM 6.5.18 - Persistent Cross-Site Scripting

Exploit Title: SugarCRM 6.5.18 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-16 Vendor Homepage: https://www.sugarcrm.com Version: 6.5.18 Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source:...

AI score 7.4
Exploits 0

NVD
added 2020/11/16 9:15 p.m. | 26 views

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

CVSS 9.9 | AI score 9.6 | EPSS 0.01693
Exploits 1 | References 1