11967 matches found
Wordpress Catch Themes Demo Import 1.6.1 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5
Description The reflected XSS vulnerability occurs due to a flaw in the clean_xss_tags function called in memo.php of Gnuboard 5. This clean_xss_tags is a sanitizer that removes XSS-vulnerable tags and attributes. However, the sanitizer can be bypassed by using a newline character (%0A, %0D, etc.). Proof of Conce...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Zulip
CVE-2021-43798 Grafana 8.x Path Traversal Pre-Auth All credi...
D-Link DSL-3782 Pre-Authentication Remote Root
!/usr/bin/python2 preauth rece for dlink dsl-3782 found: 06.11.2021 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in...
secure.action.news Cross Site Scripting vulnerability OBB-2282566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2015-9083
CVE-2015-9083 entry is rejected and not used; not an active vulnerability.
Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50
Hello Apache team, @fms and myself were able to bypass the latest patch for CVE-2021-41773 in the Apache 2.4.50. These are the payloads: 1 %%32%65%%32%65 2 .%%32%65 3 .%%32e 4 .%2%65 PoC Path Traversal GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1...
Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware
Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat acto...
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free Exploit
Linux suffered from a use-after-free read vulnerability related to an SO_PEERCRED and SO_PEERGROUPS race with listen and connect. This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286. Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with...
Online Learning System 2.0 Remote Code Execution
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...
UVI-2021-1002147 dm: fix mempool NULL pointer race when completing IO
dm: fix mempool NULL pointer race when completing IO This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...
Exploit for Path Traversal in Apache Http_Server
CVE...
jasmincare.eu Improper Access Control vulnerability OBB-2263360
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-J6WP-3859-VXFG OIDC claims not updated from Identity Provider in Pomerium
Impact Changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorization decisions. Patches v0.15.6 Workarounds - Clear...
OSV-2021-1559 Heap-buffer-overflow in ih264d_mark_err_slice_skip
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40851 Crash type: Heap-buffer-overflow WRITE 4 Crash state: ih264d_mark_err_slice_skip ih264d_video_decode ih264d_api_function...
InvestorDistribution uses setAdmin anti-pattern
Handle elprofesor Vulnerability details Impact InvestorDistribution.sol uses a setAdmin function which directly sets privileged user accounts to a set value. If this function is used incorrectly or by accident, the admin user may be lost or set to a malicious account. Recommended Mitigation Steps...
news.abidjan.net Cross Site Scripting vulnerability OBB-2253330
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
python-cryptography bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2021:4431 lvm2 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ModemManager bug fix and enhancement update
An update is available for ModemManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...