
15 matches found

RedhatCVE
added 2025/02/06 3:14 a.m. | 8 views

CVE-2021-35599

Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. The supported version that is affected is 21c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where Zero Downtime DB...

CVSS 8.2 | AI score 6.6 | EPSS 0.00135
Exploits: 0 | References: 1

CVE
added 2024/10/28 12:0 a.m. | 46 views

CVE-2024-10433

The CVE-2024-10433 issue affects Project Worlds Simple Web-Based Chat Application 1.0. The vulnerability is a cross-site scripting flaw in the /index.php page, triggered by manipulating the Name/Comment parameter. It is described as exploitable remotely, with public disclosure of exploits. The av...

CVSS 6.1 | AI score 4 | EPSS 0.00152
Exploits: 1 | References: 4 | Affected Software: 1

GithubExploit
added 2024/05/26 6:50 a.m. | 584 views

Exploit for CVE-2024-4956

README.md CVE-2024-4956 Bulk Scanner Disclaimer Th...

CVSS 7.5 | AI score 6.5 | EPSS 0.94028
Exploits: 16

Vulnrichment
added 2024/02/06 9:16 p.m. | 11 views

CVE-2023-38579 Westermo Lynx 206-F2G Cross-Site Request Forgery

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...

CVSS 8 | AI score 6.7 | EPSS 0.00071
Exploits: 0 | References: 1

Prion
added 2023/07/19 4:15 p.m. | 9 views

Sql injection

There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex a...

CVSS 4.6 | AI score 8 | EPSS 0.00798
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/04/19 9:15 p.m. | 12 views

Code injection

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Process Scheduler. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterpri...

CVSS 5.8 | AI score 5.8 | EPSS 0.008
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2021/09/30 5:57 a.m. | 15 views

Cross-Site Request Forgery (CSRF)

ZoneMinder is vulnerable to cross-site request forgery. Whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...

CVSS 8.8 | AI score 3 | EPSS 0.00141
Exploits: 1 | References: 2 | Affected Software: 1

Hacker One
added 2021/06/09 7:18 p.m. | 16 views

Meredith: Shop - Reflected XSS With Clickjacking Leads to Steal User's Cookie In Two Domain

Hii Security Team , I am S Rahul MCEHMetaxone Certified Ethical Hacker and a Security Researcher I just checked your website and found Reflected XSS to Good XSS Clickjacking In Two Domain Description:- As the search parameter is vulnerable to XSS and but the plus point is there is no...

AI score 6.4
Exploits: 0

Cvelist
added 2021/01/20 8:11 p.m. | 15 views

CVE-2021-1219 Cisco Smart Software Manager Satellite Static Credential Vulnerability

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this...

CVSS 7.8 | AI score 7.4 | EPSS 0.00047
Exploits: 0 | References: 1

Trellix
added 2019/10/14 12:0 a.m. | 7 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi and its connections to GandCrab, the mos...

AI score 6.6
Exploits: 0

ripstech
added 2016/12/09 12:0 p.m. | 11 views

Precurio 2.1: Remote Command Execution via Xinha Plugin

RIPS Analysis RIPS detected many security vulnerabilities, such as SQL injection and cross-site scripting issues. In order to exploit most of these vulnerabilities in Precurios code base, a user account is required. Precurio also includes a lot of third-party code though that is directly...

AI score 7.6
Exploits: 0

pentestnepal
added 2016/11/18 6:1 a.m. | 38 views

Bypassing Ebay XSS Protection to launch XSS by Nirmal Dahal

This is a small proof of concept regarding “Reflective Cross-Site Scripting R-XSS ” which I had found on Ebay. I am not an active participant in bug bounty programs, but one day I had finished all my office works so I was surfing on Facebook and received a message from my brother, Samir, asking f...

AI score 6
Exploits: 0

Cisco
added 2013/04/11 9:0 p.m. | 41 views

Cisco uBR10000 Series IPv4/IPv6 Dual Stack Vulnerability

Cisco uBR10000 Series Universal Broadband Routers contain a vulnerability that could allow an unauthenticated, adjacent attacker to trigger the reload of the routing engine on the affected device. An attacker could exploit this vulnerability by manipulating IPv4 and IPv6 address assignments on a...

CVSS 5.7 | AI score 3.8 | EPSS 0.0017
Exploits: 0 | References: 1

0day.today
added 2010/01/21 12:0 a.m. | 13 views

EFS Easy Chat server Universal BOF-SEH (Meta)

Exploit for unknown platform in category remote exploits ============================================= EFS Easy Chat server Universal BOF-SEH Meta ============================================= $Id: caigatewaydebug.rb 6568 2009-05-19 13:20:32Z hdm $ This file is part of the Metasploit Framework an...

AI score 7.1
Exploits: 0

Packet Storm
added 2006/04/28 12:0 a.m. | 16 views

SA-03.txt

I'm proud to introduce an example of return into libc exploit which works though grsecurity patch protection. Please read source carefully and change some lines cause default version probably wont work on your machine. - This is example, remember it. ; / Grsecurity bypass tryout - system"/bin/sh"...

AI score 7.4
Exploits: 0