📄 Microsoft MMC MSC EvilTwin Local Admin Creation

Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...

sql_injections

No d...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in File_Away_Project File_Away

No d...

EUVD-2019-14669

Malware in sbrugna...

vBulletin 5.6.1 SQL Injection

vBulletin version 5.6.1 proof of concept remote SQL injection exploit that dumps the user table. ============================================================================================================================================= | Title : vbulletin 5.6.1 Code Injection Vulnerability | |...

Operation PhantomBlu Deploys NetSupport RAT via OLE Template

Summary: Under the guise of Operation PhantomBlu, a new phishing campaign is aimed at American companies with the goal of deploying the remote access trojan NetSupport RAT. By utilising OLE template manipulation, the PhantomBlu operation presents a sophisticated exploitation technique. This...

Slackware Linux 15.0 / current sendmail Vulnerability (SSA:2024-031-01)

The version of sendmail installed on the remote host is prior to 8.18.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-031-01 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation...

Amazon Linux 2 : postfix (ALAS-2024-2420)

The version of postfix installed on the remote host is prior to 2.10.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2420 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...

Amazon Linux AMI : exim (ALAS-2024-1908)

The version of exim installed on the remote host is prior to 4.92-1.40. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1908 advisory. Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...

Fedora 38 : postfix (2024-5c186175f2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

CVE-2023-51766

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but...

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

Warning for iPhone Users: Experts Warn of Sneaky Fake Lockdown Mode Attack

A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel method, detailed by Jamf Threat Labs in a report shared wi...

Aures Booking And POS Terminal Local Privilege Escalation

Document Title: =============== Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ====================================...

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

An unknown attacker targeted tens of thousands of unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner. It's not immediately known if all of these hosts were successfully compromised. Nonetheless, it was made possible by means of a "lesser-known...

PHPJabbers Simple CMS 5 Cross Site Scripting

Document Title: =============== PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2300 Release Date: ============= 2021-10-28 Vulnerability Laboratory ID VL-ID: ====================================...

My Movie Collection Sinatra App Movie Cross Site Scripting

Document Title: =============== My Movie Collection Sinatra App - Movie XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2294 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ====================================...

Kimai v1.13 - (textarea) Cross Site Scripting Vulnerability

Document Title: =============== Kimai v1.13 - textarea Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2269 Release Date: ============= 2021-06-22 Vulnerability Laboratory ID VL-ID: ====================================...