
2401 matches found

ThreatPost
added 2021/08/13 1:31 p.m., 101 views

WordPress Sites Abused in Aggah Spear-Phishing Campaign

Threat actors are using compromised WordPress websites to target manufacturers across Asia with a new spear-phishing campaign that delivers the Warzone RAT, a commodity infostealer available widely for purchase on criminal forums, researchers have found. The threat group Aggah, believed to be...

7.7 AI score
Exploits: 0, References: 6
Packet Storm
added 2021/08/13 12:0 a.m., 273 views

Chikitsa 2.0.0 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "firstname" Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.09.2021 Vendor: https://chikitsa.net/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38152 + Exploit Source:...

3.5 CVSS, 0.2 AI score, 0.01008 EPSS
Exploits: 2
AlmaLinux
added 2021/08/10 12:1 p.m., 11 views

systemtap bug fix and enhancement update

SystemTap is an instrumentation system for systems running the Linux kernel, which allows developers to write scripts to collect data on the operation of the system. Bug Fixes and Enhancements: kernel panic at stpbuildidcheck.constprop.65+0x1c7 with centos debuginfo when stap runs BZ1966742...

2.9 AI score
Exploits: 0
CNNVD
added 2021/07/13 12:0 a.m., 3 views

IBM Security Access Manager Debug Information Disclosure Vulnerability

IBM Security Access Manager is an application for information security management from IBM Corporation in the United States. The product enables access management control through integrated Web, mobile, and cloud-oriented devices. IBM Security Access Manager Docker is vulnerable to a debugging...

4 CVSS, 8.3 AI score, 0.00966 EPSS
Exploits: 0, References: 3
GithubExploit
added 2021/07/01 9:0 a.m., 129 views

Exploit for CVE-2021-1675

CVE-2021-1675-LPE-EXP Simple LPE Exploit of CVE-2021-1675...

9.3 CVSS, 8.9 AI score, 0.99759 EPSS
Exploits: 75
OSV
added 2021/06/30 12:34 a.m., 13 views

GSD-2021-1001028 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

7.2 AI score
Exploits: 0
OSV
added 2021/06/30 12:34 a.m., 6 views

UVI-2021-1001028 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

7.2 AI score
Exploits: 0
OSV
added 2021/06/30 12:28 a.m., 14 views

GSD-2021-1000951 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

7.2 AI score
Exploits: 0
OSV
added 2021/06/30 12:28 a.m., 13 views

UVI-2021-1000951 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

7.2 AI score
Exploits: 0
OSV
added 2021/06/30 12:5 a.m., 9 views

GSD-2021-1000896 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...

7.2 AI score
Exploits: 0
OSV
added 2021/06/30 12:5 a.m., 7 views

UVI-2021-1000896 btrfs: promote debugging asserts to full-fledged checks in validate_super

btrfs: promote debugging asserts to full-fledged checks in validate_super This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.126 by commit...

7.2 AI score
Exploits: 0
GithubExploit
added 2021/06/29 4:38 a.m., 286 views

Exploit for CVE-2020-15368

How to exploit a vulnerable windows driver Exploit and Proof...

5.5 CVSS, 6.5 AI score, 0.01296 EPSS
Exploits: 1
Packet Storm
added 2021/06/24 12:0 a.m., 363 views

Adobe ColdFusion 8 Remote Command Execution

Exploit Title: Adobe ColdFusion 8 - Remote Command Execution RCE Google Dork: intext:"adobe coldfusion 8" Date: 24/06/2021 Exploit Author: Pergyz Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: 8 Tested on: Microsoft Windows Server 2008 R2 Standard CVE :...

7.5 CVSS, 0.83865 EPSS
Exploits: 10
OSV
added 2021/06/11 5:15 p.m., 3 views

CVE-2021-0487

In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

7.8 CVSS, 5.9 AI score, 0.00119 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2021/06/10 5:22 p.m., 67 views

Duplicate Advisory: Reflected cross-site scripting issue in Datasette

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...

7.2 CVSS, 6.3 AI score, 0.0096 EPSS
Exploits: 0, References: 7, Affected Software: 1
Veracode
added 2021/06/09 2:36 a.m., 21 views

Cross-site Scripting (XSS)

datasette is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the ?trace=1 debugging feature...

7.2 CVSS, 3.9 AI score, 0.0096 EPSS
Exploits: 0, References: 7, Affected Software: 1
OpenVAS
added 2021/06/09 12:0 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2020:3060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7 AI score, 0.02752 EPSS
Exploits: 8, References: 2
OpenVAS
added 2021/06/09 12:0 a.m., 19 views

SUSE: Security Advisory (SUSE-SU-2019:0527-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9 CVSS, 6.7 AI score, 0.00504 EPSS
Exploits: 1, References: 2
0day.today
added 2021/06/08 12:0 a.m., 64 views

COVID-19 Testing Management System 1.0 SQL Injection Exploit

COVID-19 Testing Management System version 1.0 remote SQL injection exploit based upon the original discovery by Rohit Burke in May of 2021. Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Authentication Bypass Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor...

9.8 CVSS, 0.1 AI score, 0.0227 EPSS
Exploits: 3
NVD
added 2021/06/07 10:15 p.m., 26 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2 CVSS, 0.0096 EPSS
Exploits: 0, References: 5