33 matches found

RedhatCVE
added 2026/01/09 11:20 a.m. | 4 views

CVE-2021-22359

There is a denial of service vulnerability in the versions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700. An attacker could exploit this vulnerability by sending a specific message to a targeted device. Due to insufficient input validation, a successful exploit can cause the service...

CVSS 7.8 | AI score 6.7 | EPSS 0.00172
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/08 12:0 a.m. | 4 views

CVE-2025-63611

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...

AI score 5.8 | EPSS 0.00059
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-5948

Malware in sbrugna...

CVSS 9.9 | AI score 5.9 | EPSS 0.00405
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-15636

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.01035
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2021-2984

Malicious code in bioql PyPI...

CVSS 6.7 | AI score 6.7 | EPSS 0.00023
Exploits: 0 | References: 1

GithubExploit
added 2024/06/13 3:14 p.m. | 57 views

Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

cve-2024-4367-PoC-fixed PDF.js is a JavaScript-based PDF vie...

CVSS 8.8 | AI score 7.7 | EPSS 0.40321
Exploits: 14

OSV
added 2023/02/28 5:15 p.m. | 0 views

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 1

SUSE CVE
added 2023/02/15 6:2 a.m. | 1 view

SUSE CVE-2009-3796

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...

CVSS 9.3 | AI score 8.2 | EPSS 0.0288
Exploits: 0 | References: 4

wpexploit
added 2022/07/18 12:0 a.m. | 162 views

mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). Put the following payload in any of the delimiter...

CVSS 4.8 | AI score 0.5 | EPSS 0.00218
Exploits: 2

CNNVD
added 2022/02/16 12:0 a.m. | 2 views

Pjsua Api Buffer Error Vulnerability

Pjsua Api is an advanced API for building SIP multimedia user agent applications. A buffer overflow vulnerability exists in the PJSUA API, which can be exploited to cause a buffer overflow via a controlled "filename" parameter...

CVSS 9.8 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 12

Microsoft Malware Protection
added 2021/09/15 11:40 p.m. | 588 views

Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability

In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as...

CVSS 6.8 | EPSS 0.94332
Exploits: 38

CNVD
added 2020/09/11 12:0 a.m. | 3 views

Hyland OnBase Denial of Service Vulnerability

Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase suffers from a denial of service vulnerability that can be exploited by an attacker to cause a denial of service via a long user ID...

CVSS 7.5 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 1

Packet Storm
added 2018/10/08 12:0 a.m. | 22 views

Chamilo LMS 1.11.8 firstname Cross Site Scripting

Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting; Author: Cakes; Discovery Date: 2018-10-06; Vendor Homepage: https://chamilo.org; Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip; Tested Version: 1.11.8 for php5; Tested on OS:...

AI score 7.4
Exploits: 0

exploitpack
added 2018/10/06 12:0 a.m. | 74 views

Chamilo LMS 1.11.8 - firstname Cross-Site Scripting

Chamilo LMS 1.11.8 - firstname Cross-Site Scripting. Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting; Author: Cakes; Discovery Date: 2018-10-06; Vendor Homepage: https://chamilo.org; Software Link:...

AI score 6.8
Exploits: 0

WPVulnDB
added 2017/10/12 12:0 a.m. | 12 views

Invite Anyone <= 1.3.18 - Unauthenticated PHP Object Injection

The plugin invite-anyone insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Similar to previous attacks, you send a cookie named "invite-anyone" with serialized data for your target object...

AI score 1.1
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2017/04/27 12:0 a.m. | 10 views

AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection

The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. PoC Attack is exploitable over AJAX calls on sites with th...

AI score 0.9
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2017/04/27 12:0 a.m. | 15 views

Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection

The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original...

CVSS 7.5 | AI score 1.2 | EPSS 0.01263
Exploits: 1 | References: 1 | Affected Software: 1

ThreatPost
added 2014/09/25 4:30 p.m. | 73 views

Bash Vulnerability Exploits Dropping DDoS Bots

A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks (DDoS), said Jaime Blasco,...

CVSS 10 | EPSS 0.9422
Exploits: 130 | References: 6

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Geeklog <= 1.6.0sr2 - Remote File Upload

No description provided by source. Geeklog <= v1.6.0sr2 - Remote File Upload; Discovered: JaL0h; Software Site: http://www.geeklog.net; Dork: By Geeklog Created this page in +seconds +powered...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Apple Quicktime <= 7.1.5 QTJava toQTPointer() Java Handling Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23608/info QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be...

AI score 7.1
Exploits: 0