12 matches found
EUVD-2026-31979
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with `new Function`, shadowing dangerous globals (`fetch`, `window`, `eval`, etc.) with `undefined`. A static source validator...
EUVD-2021-34798
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
CVE-2021-47937
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
Exploit for Injection in Ghost
This is a rework of the Repo by rootxran for this same CVE - htt...
Exploit for Injection in Ghost
CVE-2026-29053 Ghost CMS RCE via jsonpath/static-eval prototy...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'). An attacker can execute arbitrary code on the server by submitting a specially crafted malicious theme...
Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
Exploit Title: CVE-2024-21320 - NTLM Hash Leak via Malicious Windows Theme; Date: 02/03/2025; Exploit Author: Abinesh Kamal K U; CVE: CVE-2024-21320; Ref: https://www.cve.org/CVERecord?id=CVE-2024-21320 ; Step 1: Install Responder. Responder is a tool to capture NTLM hashes over SMB. git clone...
PT-2023-5126 · Microsoft · Windows 11 +1
Name of the Vulnerable Software and Affected Versions: Windows 11 (affected versions not specified). Description: The vulnerability is related to insufficient input validation in the Windows Themes component, allowing remote attackers to execute arbitrary code on the system. This can occur when a us...
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution Exploit
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to chain exploits into remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and...
Moodle Teacher Enrollment Privilege Escalation to RCE
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow a teacher to chain exploits into RCE. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add...
CVE-2017-2699
The Huawei Themes APP in versions earlier than PLK-UL00C17B385, CRR-L09C432B380, and LYO-L21C577B128 has a privilege elevation vulnerability. An attacker could exploit this vulnerability to upload theme packs containing malicious files and trick users into...
RHEL 2.1 : WindowMaker (RHSA-2003:009)
Updated packages are available to fix a vulnerability in Window Maker. Updated 06 Feb 2003: Fixed packages for Advanced Workstation 2.1 have been added. Updated 31 Mar 2003: New erratum packages are available to fix a bug in the original security patch. Updated 18 Jun 2003: The last update did not...