CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass

The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possib...

Exploit for Out-of-bounds Write in Gnu Glibc

This is a PoC exploit for CVE-2015-0235, a vulnerability in the GNU C Library glibc that allows for remote code execution RCE through a buffer overflow in the gethostbyname function. The exploit is implemented in the kadimus tool, which is a LFI Local File Inclusion scanner and exploit tool. The...

ImageMagick popen_utf8函数命令注入漏洞

Author: niubl 知道创宇404安全实验室 一、漏洞概要 i. 漏洞描述 ImageMagick是一款使用量很广的图片处理程序，很多厂商都调用了这个程序进行图片处理，包括图片的伸缩、切割、水印、格式转换等等。我发现当用户传入一个包含|竖线的文件名的时候，就有可能触发命令注入漏洞。 ii. 漏洞影响 ImageMagick在处理文件名时会调用OpenBlob函数，在OpenBlob函数中，代码2484行，判断文件名是否以|竖线开头，如果是，那么他会调用popoenutf8函数处理文件名，代码如图：...

security flaw

Multiple off-by-one errors in the cURL library libcurl 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that 1 are malformed in a way that prevents a terminating null byte from being added to...

DEBIAN-CVE-2005-4077

Multiple off-by-one errors in the cURL library libcurl 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that 1 are malformed in a way that prevents a terminating null byte from being added to...