28 matches found
CVE-2025-50096 affecting package mysql for versions less than 8.0.43-1
CVE-2025-50096 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...
GHSA-9HP6-4448-45G2
| creationtimestamp | type | source |
|---|---|---|
| 2025-09-04 15:35:19+00:00 | seen | https://bsky.app/profile/azu.bsky.social/post/3lxzhvz4hvv2d... |
CVE-2025-9927 projectworlds Travel Management System viewpackage.php SQL injection
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Manipulation of the argument t1 leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might...
CVE-2025-9770
CVE-2025-9770 affects Campcodes Hospital Management System 1.0. The Admin Dashboard Login’s /admin/ backend is vulnerable via manipulation of the Password argument, causing SQL injection. This can be exploited remotely and, per sources, an exploit is publicly available. Connected documents confir...
CVE-2025-9754
| creationtimestamp | type | source |
|---|---|---|
| 2025-09-01 05:15:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxqtudw3sf2v... |
CVE-2025-9727
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-31 16:54:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxpki3xxd72a... |
CVE-2018-15925
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:34+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d... |
DoS Vulnerability in ntpd-rs
Summary: A denial of service vulnerability was discovered in ntpd-rs where an attacker can induce a message storm between two NTP servers running ntpd-rs. Details: Since version 1.2.0, ntpd-rs, when configured as a server, incorrectly responded to all NTP messages sent to the server's port with a ti...
CVE-2025-9671
CVE-2025-9671 affects the UAB Paytend App up to version 2.1.9 on Android, impacting the AndroidManifest.xml of the component com.passport.cash. The vulnerability is described as an improper export of Android components, enabling a local attack. The exploit has been publicly released, and the ven...
MAL-2025-41959 Malicious code in cookies-logger (npm)
The package cookies-logger was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2022-24249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtraboxwrite function in /boxcodebase.c, which causes a Denial of Service. This...
Linux Distros Unpatched Vulnerability : CVE-2023-2442
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A special...
Linux Distros Unpatched Vulnerability : CVE-2019-20021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer over-read was discovered in canUnpack in pmach.cpp in UPX 3.95 via a crafted Mach-O file. CVE-2019-20021 Note that Nessus relies on the...
PivotX Remote Code Execution
This module gains remote code execution in PivotX management system. The PivotX allows admin user to directly edit files on the webserver, including PHP files. The module exploits this by writing a malicious payload into index.php file, gaining remote code execution. Module Options msf use...
Open Sky, Open Threats: Replay Attacks in Space Launch and Re-Entry Phases
This paper examines the effects of replay attacks on the integrity of both uplink and downlink communications during critical phases of spacecraft communication. By combining software-defined radios (SDRs) with a real-time channel emulator, we replicate realistic attack conditions on the Orion...
OS Command Exec, Unix Command Shell, Bind TCP (via BusyBox telnetd)
Execute an OS command from PHP. Listen for a connection and spawn a command shell via BusyBox telnetd Module Options msf use payload/php/unix/cmd/bindbusyboxtelnetd msf payloadbindbusyboxtelnetd show actions ...actions... msf payloadbindbusyboxtelnetd set ACTION msf payloadbindbusyboxtelnetd show...
OS Command Exec, Unix Command Shell, Reverse TCP (via nodejs)
Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via nodejs Module Options msf use payload/php/unix/cmd/reversenodejs msf payloadreversenodejs show actions ...actions... msf payloadreversenodejs set ACTION msf payloadreversenodejs show options ...show...
PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager
Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...
XOne Web Monitor 02.10.2024.530 SQL Injection
An unauthenticated SQL injection vulnerability has been discovered in the login functionality of XOne Web Monitor version 02.10.2024.530 framework 1.0.4.9. This flaw allows attackers to exploit improper handling of user input during the authentication process to extract all stored usernames and...
Exploit for Path Traversal in Stagil Stagil_Navigation
CVE-2023-26255 CVE-2023-26256 POC...