2058 matches found
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution Exploit
Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...
VMware Workstation 15 Pro - Denial of Service
Title: VMware Workstation 15 Pro - Denial of Service Author: Milad Karimi Date: 2022-10-17 Tested on: Windows 10 Pro and Windows 7 Pro SP1 with VMware® Workstation 15 Pro 15.5.6 build-16341506 Affected: VMware Workstation Pro/Player 15.x config.version = "8" virtualHW.version = "4" displayName =...
Exploit for Race Condition in Openbsd Openssh
SSH-User-Enum-Python3-CVE-2018-15473 SSH User Enumerator in P...
Exploit for CVE-2022-44666
Microsoft Windows Contacts VCF/Contact/LDAP syslink control...
Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. 1. As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2. Press on the new picture's thumbnail to see the attachment's details 3...
Exploit for Double Free in Linux Linux_Kernel
CVE-2022-2588 Code adapted for one cpu, and with a vagrant fil...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page. As usual, Google has published few...
Path traversal
dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...
CVE-2022-35740
CVE-2022-35740 : dotCMS before 22.06 allows remote attackers to bypass access controls and access restricted resources by placing a semicolon in a URL to introduce a matrix parameter, enabling path-based XSS bypass in some frameworks (e.g., Spring/Tomcat). The issue can chain into XSS; impact pub...
Exploit for Code Injection in Samba
CVE-2017-7494 SambaCry Exploit Exploit SambaCry CVE-2017-749...
Vulnerability fixed in Google Chrome
Google has fixed a vulnerability in Chrome. The vulnerability allows a malicious party to cause a denial of service or potentially execute arbitrary code. Doing so requires the malicious party to induce the victim to open a rogue web page. Google indicates that exploit code is circulating f...
CVE-2022-36041 Rizin Out-of-bounds Write vulnerability in Mach-O binary plugin
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when parsing Mach-O files. A user opening a malicious Mach-O file could be affected by this vulnerability, allowing an attacker to execute code on the...
Vulnerability fixed in Google Chrome and Microsoft Edge
Google and Microsoft have fixed a vulnerability in Google Chrome and Microsoft Edge. The vulnerability allows a local malicious party to perform attacks in the context of the browser that lead to the execution of arbitrary code. Microsoft indicates that exploit code is available. -= Google =-...
Exploit for Use After Free in Linux Linux_Kernel
2022-LPE-UAF Security researchers discovered 3 vulnerabiliti...
Exploit for SQL Injection in Duplicate_Post_Project Duplicate_Post
It is an offensive tool for Windows. The repository contains a P...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
F5-BigIP-CVE-2022-1388 Reverse Shell for CVE-2022-1388 D...
Cyclades Serial Console Server 3.3.0 Privilege Escalation
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...
Wazawaka Goes Waka Waka
In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a...