49 matches found
CVE-2013-0935
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
Rudder Server SQLI Remote Code Execution
This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...
CVE-2022-20603
In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
[ASA-202110-10] wpewebkit: multiple issues
Arch Linux Security Advisory ASA-202110-10. Severity: Medium. Date: 2021-10-29. CVE-ID: CVE-2021-30846 CVE-2021-30851 CVE-2021-42762. Package: wpewebkit. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-2484. Summary: The...
[SECURITY] Fedora 32 Update: libssh-0.9.5-1.fc32
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVE-2020-1560 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
CVE-2020-8850
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Integer overflow
In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112891546...
xdebug Unauthenticated OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'xdebug Unauthenticated OS Command Execution', 'Description' = %q Module exploits a vulnerability in the eval command present in Xdebug versions...
Xbox 360 Aurora 0.6b Default Credentials / FTP BruteForce Exploit
Exploit for linux platform in category remote exploits Exploit Title: XBOX 360 Aurora 0.6b Default Credentials / FTP BruteForce Date: 20/12/2017 Exploit Author: Daniel Godoy Vendor Homepage: http://phoenix.xboxunity.net//news Tested on: XBOX 360 GREETZ: Iker Legorreta, RemoteExecution Team...
Easy File Uploader Remote Shell Upload
Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Tested on: GNU/Linux GREETZ: Rodrigo...
CVE-2015-2016
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors...
ProFTPD 'mod_copy' Unauthenticated Copying Of Files Via SITE CPFR/CPTO Vulnerability (Apr 2015) - Active Check
ProFTPD is prone to an unauthenticated copying of files vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Gradman <= 0.1.3 (info.php tabla) Local File Inclusion Vulnerability
No description provided by source. Software: Gradman <= 0.1.3 HomePage: http://gradman.xe1ido.com.mx/ Software: Gradman <= 0.1.3 Exploit: Local File Inclusion High Dork: powered by Gradman Bug Found By: Syndr0me! site: www.remoteexecution.es Where: info.php?tabla= Greetz: S4nt0!, Yubix, Xarnuz,...
SPlayer XvidDecoder 3.3 - ActiveX Remote Exec 0day PoC
No description provided by source. Author: superli Tested on: xpsp3 ie6 Code : object id=TestObj classid=CLSID:E5960BC4-A76B-4211-BEEC-9AEE2AF8AAE6 style=width:100;height:350/object...
Invision IP.Board <= 3.3.4 unserialize() PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
MySQL Squid Access Report 2.1.4 HTML Injection
Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection Date: 23/07/2012 Author: Daniel Godoy Author Mail:DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://sourceforge.net/projects/mysar/ Tested on: Linux Dork: MySQL Squid Access Report 2.1....
MySQL Squid Access Report 2.1.4 - HTML Injection
Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection Date: 23/07/2012 Author: Daniel Godoy Author Mail:DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://sourceforge.net/projects/mysar/ Tested on: Linux Dork: MySQL Squid Access Report 2.1....
CLscript Classified Script 3.0 - SQL Injection
Exploit Title: CLscript - Classified Script 3.0 / SQL Injection Date: 03/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://www.phpkode.com/scripts/item/clscript-classified-script/ Tested on: Linux Dork:...