2334 matches found
Exploit for CVE-2020-15368
How to exploit a vulnerable Windows driver. Exploit and Proof...
Adobe ColdFusion 8 Remote Command Execution
Exploit Title: Adobe ColdFusion 8 - Remote Command Execution (RCE) | Google Dork: intext:"adobe coldfusion 8" | Date: 24/06/2021 | Exploit Author: Pergyz | Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html | Version: 8 | Tested on: Microsoft Windows Server 2008 R2 Standard | CVE :...
CVE-2021-0487
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
Duplicate Advisory: Reflected cross-site scripting issue in Datasette
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description: Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...
Cross-site Scripting (XSS)
Datasette is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the ?trace=1 debugging feature...
SUSE: Security Advisory (SUSE-SU-2019:0527-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:3060-1)
The remote host is missing an update for the...
COVID-19 Testing Management System 1.0 SQL Injection Exploit
COVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021. Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Authentication Bypass | Author: @nu11secur1ty | Testing and Debugging: @nu11secur1ty | Vendor...
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
PYSEC-2021-89
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
Reflected cross-site scripting issue in Datasette
Impact: The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...
CVE-2021-32670 Reflected cross-site scripting issue in Datasette
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
CVE-2021-3198 and CVE-2021-3540: MobileIron Shell Escape Privilege Escalation Vulnerabilities
Ivanti MobileIron Core versions 10.7.0.1-9 and 11.0.0.1-3 suffer from two restricted shell escape vulnerabilities through the install rpm command present in the clish restricted shell. These issues have been fixed in version 11.1.0.0, released on March 15, 2021. The first, CVE-2021-3198, is an...
Local Service Search Engine Management System 1.0 SQL Injection
Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0 | Author: @nu11secur1ty | Testing and Debugging: @nu11secur1ty | Date: 06.02.2021 | Vendor:...
CVE-2021-33591
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
CVE-2021-33591
CVE-2021-33591 affects Naver Comic Viewer. An exposed remote debugging port before version 1.0.15.0 allows a remote attacker to execute arbitrary code via a crafted HTML page. Impact is remote code execution with network access, as described in multiple sources (NVD/Red Hat/CNNVD). No explicit pa...
Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability
Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole | Author: @nu11secur1ty | Testing and Debugging: @nu11secur1ty | Vendor: https://pandorafms.com/ | Link: https://github.com/pandorafms/pandorafms/releases | CVE: 2021-0527-nu11secur1ty | Proof:...
OPENSUSE-SU-2021:0787-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti-spine was updated to 1.2.17: Avoid triggering DDoS detection in firewalls on large systems; Use mysql reconnect option properly; Fix possible crashes in various operations; Fix remote data collectors pushing too much data to main...