
111 matches found

Malwarebytes
added 2026/03/25 9:57 a.m. | 5 views

Meet Khaled Mohamed: the bug hunter who found a Microsoft flaw

It’s only on rare occasions that anyone pays attention to the acknowledgment section of a vulnerability disclosure. But for the person who found the bug, it's often the conclusion of hours of work, trial and error, searching for recognition, and finally seeing the vulnerability get patched. Bug...

CVSS 5.5 | AI score 6.9 | EPSS 0.00051
Exploits: 0

Positive Technologies
added 2026/03/15 12:0 a.m. | 2 views

PT-2026-25586

Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...

CVSS 6.1 | AI score 5.9 | EPSS 0.00022
Exploits: 2 | References: 8

RedhatCVE
added 2026/01/09 10:46 a.m. | 4 views

CVE-2022-31521

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.3 | AI score 7 | EPSS 0.00432
Exploits: 1 | References: 1

Snyk
added 2025/12/15 4:50 a.m. | 0 views

Malicious Package

Overview @mohamed1687/iut-encrypt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-52977

Malicious code in bioql PyPI...

CVSS 9.3 | AI score 9.1 | EPSS 0.00432
Exploits: 1 | References: 1

Intel
added 2024/06/06 12:0 a.m. | 29 views

Intel® VROC Software Advisory

Summary: Potential security vulnerabilities in some Intel® Virtual RAID on CPU VROC software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-31271 Description: Improper access control in som...

CVSS 7.8 | AI score 7.2 | EPSS 0.00091
Exploits: 0

Patchstack
added 2024/05/03 9:15 a.m. | 1 views

WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin < 1.9.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mohamed Azarudheen in WordPress Plugin Contact Form & Lead Form Elementor Builder versions 1.9.8...

CVSS 6.1 | AI score 6.1 | EPSS 0.00398
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2023/11/07 12:0 a.m. | 7 views

WordPress User Registration Plugin < 3.0.4.2 is vulnerable to Cross Site Scripting (XSS)

Software User Registration Type Plugin Vulnerable versions 3.0.4.2 Fixed in 3.0.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5228 Patch priority Low CVSS severity Low 5.9 Developer Masteriyo PSID b0a43efbedef Credits Mohamed Azarudheen Require...

CVSS 4.8 | AI score 6 | EPSS 0.01078
Exploits: 2 | References: 3 | Affected Software: 1

GithubExploit
added 2023/05/24 4:32 a.m. | 540 views

Exploit for CVE-2023-31595

CVE-2023-31595 IC Realtime ICIP-P2012T is vulnerable to Incorr...

CVSS 7.5 | AI score 7.5 | EPSS 0.00998
Exploits: 2

Cvelist
added 2022/07/11 12:55 a.m. | 11 views

CVE-2022-31521

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

AI score 9.5 | EPSS 0.00432
Exploits: 1 | References: 1

CVE
added 2022/07/11 12:55 a.m. | 55 views

CVE-2022-31521

The CVE-2022-31521 entry concerns the Niyaz-Mohamed/mosaic repository up to version 1.0.0, where an absolute path traversal is possible due to unsafe usage of Flask’s send_file. The Red Hat/CVE, NVD, OSV and other sources confirm this underlying flaw stems from how file paths are handled in send_...

CVSS 9.3 | AI score 9.2 | EPSS 0.00432
Exploits: 1 | References: 1 | Affected Software: 1

0day.today
added 2022/05/24 12:0 a.m. | 288 views

Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability

Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...

AI score 0.5
Exploits: 0

Packet Storm
added 2022/05/23 12:0 a.m. | 272 views

Blockchain FiatExchanger 2.2.1 SQL Injection

Information Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger Product : Inout Blockchain FiatExchanger version : 2.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ Exploit Detail :...

AI score 0.6
Exploits: 0

0day.today
added 2021/11/27 12:0 a.m. | 388 views

Bagisto 1.3.3 - Client-Side Template Injection Vulnerability

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...

AI score 7.1
Exploits: 0

Packet Storm
added 2020/11/30 12:0 a.m. | 599 views

Online Job Portal In PHP/PDO 1.0 SQL Injection

Title: online job portal phppdo v1.0 - SQL injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

AI score 7.4
Exploits: 0

exploitpack
added 2019/01/25 12:0 a.m. | 108 views

Lua 5.3.5 - debug.upvaluejoin Use After Free

Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...

CVSS 5 | AI score 7.8 | EPSS 0.00904
Exploits: 5

Packet Storm
added 2019/01/25 12:0 a.m. | 49 views

Lua 5.3.5 Use-After-Free

Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...

CVSS 5 | AI score 7.7 | EPSS 0.00904
Exploits: 5

Exploit DB
added 2019/01/25 12:0 a.m. | 115 views

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free

Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...

CVSS 7.5 | AI score 7.7 | EPSS 0.00904
Exploits: 5

Packet Storm
added 2018/12/19 12:0 a.m. | 41 views

IBM Operational Decision Manager 8.x XML Injection

Exploit Title: XML External Entity Injection XXE Date: 2018-12-18 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10744149 Version: v8.6 - v8.7 - v8.8 - v8.9 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1821 POC1: Port...

AI score 0.1 | EPSS 0.23804
Exploits: 5

Packet Storm
added 2018/12/18 12:0 a.m. | 44 views

SDL Web Content Manager 8.5.0 XML Injection

Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Company : Canon Security Date : 25/11/2018 Software Information Affected Software : SDL Web Content Manager Version: Build 8.5.0 Vendor: SDL Tridion Software website : https://www.sdl.com CVE Number: CVE-2018-19371 Descriptio...

AI score 6.6 | EPSS 0.05789
Exploits: 5