Exploit for CVE-2024-8503

vicidial-cve-2024-8503-blind-sqli-p...

Exploit for CVE-2025-11001

🔒 Se7enSlip - 7-Zip Vulnerability Scanner A stunning, interac...

[SECURITY] Fedora 43 Update: exiv2-0.28.6-2.fc43

A command line utility to access image metadata, allowing one to: print the Exif metadata of Jpeg images as summary info, interpreted values, or the plain data for each tag print the Iptc metadata of Jpeg images print the Jpeg comment of Jpeg images set, add and delete Exif and Iptc metadata of...

CBL Mariner 2.0 Security Update: python3 (CVE-2024-12718)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12718 advisory. - Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1045)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1045 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory.You are affected by this vulnerabili...

CVE-2025-30675

CVE-2025-30675 in Apache CloudStack affects the listTemplates and listIsos APIs due to a flawed access-control check when domainid is specified with filters self or selfexecutable. The issue allows a Domain Admin or Resource Admin to enumerate templates/ISOs in unrelated domains, breaching isolat...

CVE-2023-44398

An out-of-bounds write vulnerability has been identified in the Exiv2 library within the BmffImage::brotliUncompress function. This issue arises when Exiv2 is employed to extract metadata from a manipulated image file. An attacker could potentially exploit the vulnerability to gain code execution...

CVE-2023-36807 Infinite Loop when reading malformed objects in pypdf

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...

Local file inclusion

Description https://app.diagrams.net/embed2.js?&fetch= is used to fetch data and i tried to perform ssrf by extracting google cloud metadata but was unable to do but i am still able to fetch server files like /etc/passwd. Proof of Concept 1. Visit https://app.diagrams.net/embed2.js?&fetch= 2. Ent...

Allocation of Resources Without Limits or Throttling in metadata-extractor

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor...

CVE-2022-24614

When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor...

DRUPAL-CONTRIB-2022-015

This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures. The module doesn't sufficiently protect against malicious files being used to attack the site. This vulnerability is mitigated by the fact that an attacker mus...

Exif - Critical - Remote code execution - SA-CONTRIB-2022-015

This module enables you to automatically scan images uploaded to the site to extract their meta data and store it in taxonomy structures. The module doesn't sufficiently protect against malicious files being used to attack the site. This vulnerability is mitigated by the fact that an attacker mus...

BSCW Server Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated RCE product: BSCW Server vulnerable version: BSCW Server =5.0.11, =5.1.9, =5.2.3, =7.3.2, =7.4.2 fixed version: 5.0.12, 5.1.10, 5.2.4, 7.3.3, 7.4.3 CVE...

BurpMetaFinder - Burp Suite Extension For Extracting Metadata From Files

Burp Suite extension for extracting metadata from files Currently supported documents: PDF DOCX PPTX XLSX The project created at Jetbrains has been completely added. Don't forget to change the settings you need. Usage You need to dowload 2 external libraries: pdfbox poi-ooxml To install the...

[SECURITY] Fedora 32 Update: pngcheck-2.4.0-5.fc32

pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs checksums and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statist i...

Evine - Interactive CLI Web Crawler

Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...

GitLab: Path traversal in Nuget Package Registry

Summary There's a path traversal issue in Nuget package registry which was released to GitLab-EE recently. The issue allows an attacker to create any file with an extension “.nupkg” in the filesystem. By combining the bug with a race condition in Gitaly which I used several times before 762421,...

Nfstream - A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...

FOCA - Tool To Find Metadata And Hidden Information In The Documents

FOCA Fingerprinting Organizations with Collected Archives FOCA is a tool used mainly to findmetadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with th...