CVE-2026-3610

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...

CVE-2025-57348

The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Windows 11 SMB Client - Privilege Escalation & Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-13 Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux...

Exploit for CVE-2025-2249

🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...

PT-2024-2440 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.86 Description: The issue is related to a use after free in the Dawn component, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could lead to...

Vulnerability in JP1/VERITAS

Overview A vulnerability VTS23-011 exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities

By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LInkHub system unique is the lack of a network interface to manage the devices individually or in the mesh. Instead, a phon...

BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution

!/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to...

Wordpress Count-per-day plugin Multiple Vulnerabilities

No description provided by source. Exploit Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Version: 3.1.1 Date: 2011-01-12 Author 6Scan http://6scan.com security team Software Link: http://wordpress.org/extend/plugins/count-per-day/ Official fix: This advisory is released...

shopex绕过补丁本地包含漏洞#4

简要描述： 360提交的漏洞，官方修复不严谨 详细说明： http://bbs.webscan.360.cn/forum.php?mod=viewthread&tid=8613&extra=page%3D1 修复前： 修复后（\core\api\shopapi.php）： if isset$REQUEST'appname' $appName = pregreplace'/^a-z0-1/i', '', $REQUEST'appname'; elseif strpos$apiAct, ':' 0 // request plugin api list$appName, $apiAct =...

Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets

Access Router AR is a low-end router of Huawei. It provides both mobile and fixed network access modes, applies to enterprises. In application processing on the live network, when special ip phone use DHCP to requests for address information from the AR, a special field is carried in the request...

MITKRB5-SA-2012-001: KDC heap corruption and crash [CVE-2012-1014 CVE-2012-1015]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2012-001 MIT krb5 Security Advisory 2012-001 Original release: 2012-07-31 Topic: KDC heap corruption and crash vulnerabilities CVE-2012-1015: KDC frees uninitialized pointer CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2...

MITKRB5-SA-2011-007 KDC null pointer dereference in TGS handling [CVE-2011-1530]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-007 MIT krb5 Security Advisory 2011-007 Original release: 2011-12-06 Last update: 2011-12-06 Topic: KDC null pointer dereference in TGS handling CVE-2011-1530 KDC null pointer dereference in TGS handling CVSSv2 Vector:...

MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-005 MIT krb5 Security Advisory 2011-005 Original release: 2011-07-05 Topic: FTP daemon fails to set effective group ID CVE-2011-1526 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:O/RC:C CVSSv2 Base Score: 6.5 Access Vector: Network...

PHPMPS 0day-vulnerability warning-the black bar safety net

Author:Minghacker From:http://www.3est.com Blog: http://yxmhero1989.blog.163.com PHPMPS ,masterhttp://www.phpmps.com/to download. v2. 0 official version of GBK and v2. 0 full version UTF8 There are serious security risks, hope you do not destroy, and calmly wait for the official fix upgrade...

MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2008-002 MIT krb5 Security Advisory 2008-002 Original release: 2008-03-18 Last update: 2008-03-18 Topic: array overrun in RPC library used by kadmind CVE-2008-0947, CVE-2008-0948 VU374121 Use of high-numbered file descriptors in the RPC...

MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2008-001 MIT krb5 Security Advisory 2008-001 Original release: 2008-03-18 Last update: 2008-03-18 Topic: double-free, uninitialized data vulnerabilities in krb5kdc CVE-2008-0062 VU895609 Use of a null or dangling pointer in the MIT Kerberos...

simpnews24103-fdisclose.txt

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

PT-2007-1146 · Oracle +1 · Oracle Weblogic Server +2

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0 Description: The issue is related to the Oracle WebLogic Server component of Oracle Fusion Middleware, specifically the Web Services subcomponent. It is an easily exploitable...

In-game /ignore crash in Soldier of Fortune II 1.03

Luigi Auriemma Application: Soldier of Fortune II http://sof2.ravensoft.com Versions: 1.02x and 1.03 Platforms: Windows, Linux and Mac Bug: bad memory access Exploitation: remote, versus server in-game Date: 29 Jun 2005 Author: unknown, found in the wild and reported to me by two admins Advisory:...