CVE-2025-21583

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

BIT-MLFLOW-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

curl: Denial of Service in curl Request - HTTP headers eat all memory

Vulnerability description not provided...

Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution

Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control CVE-2023-33148...

Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit - Remote Code Execution RCE Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...

Microsoft Excel / 365 MSO Remote Code Execution

Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)

Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

Microsoft Word 16.72.23040900 - Remote Code Execution Vulnerability

Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

Microsoft Word Remote Code Execution

Title: Microsoft Word Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

Microsoft Excel Spoofing Vulnerability

Title: Microsoft Excel Spoofing Vulnerability Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/ CVE-2023-23398 Description: The attack itself is carried out locally...

Denial Of Service (DoS)

mysql is vulnerable to denial of service. An easy to exploit vulnerability allows a high privileged attacker to crash the server...

Windows Manage PXE Exploit Server

This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing a payload to install metsvc, disable the firewall, and add a new user metasploit on any Windows partition seen, and add a uid...

Israeli Think Tank Compromised to Serve Sweet Orange Exploit Kit

The official website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs JCPA, has been compromised and abused by attackers to distribute malware. The Israeli think tank website JCPA – an independent research institute focusing on...

Israeli Think-Tank Site Serves Sweet Orange Exploit

Attackers have compromised the website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs JCPA. On Friday, researchers from Cyphort reported that the site was serving the Sweet Orange exploit kit via drive-by download. At the time o...

Adobe Flash Player Shader Buffer Overflow

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::BrowserExploitServer def...

Adobe Flash Player - Shader Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Flash Player Shader Buffer Overflow", 'Description' = %q This module exploits a buffer overflow vulnerability in Adobe Flash...

phpMyAdmin 3.5.2.2 server-sync.php 后门

No description provided by source...

YieldManager Ad Network Serving Malvertising

One of the world’s largest advertising networks, YieldManager, has been serving ransomware to websites from all over the world. The malvertising campaign was first detected by Armorize’s HackAlert scanning farm. While the websites affected are international, the exploit server itself, at the...

Reverse Shell Applet

Added: 10/10/2010 Background This tool runs an exploit server which delivers a signed java applet, embedded in an HTML page, to the target hosts. The user is presented with a signed digital certificate which, when accepted, establishes a reverse shell connection back to the exploit server. Proble...

Automatic Drive-by Download

Added: 07/23/2010 Background This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers th...