1697 matches found
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on December 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-353-01 Subnet Solutions Inc. PowerSYSTEM Center ICSA-23-353-02 EFACEC BCU 500...
Tenda AX3 Command Execution Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command execution vulnerability exists in Tenda AX3 version V16.03.12.11, which originates from the handler function of /goform/telnet failing to properly filter construct command special characters,...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 Minio Information isclosure Exp...
PT-2023-21986 · Hikvision · Localservicecomponents
Name of the Vulnerable Software and Affected Versions: plug-in affected versions not specified Description: The issue allows an attacker to exploit it by sending crafted messages to computers with the plug-in installed, modifying plug-in parameters. This could cause affected computers to download...
CVE-2023-48236 overflow in get_number in vim
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAXINT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which...
Google Chrome memory misreference vulnerability (CNVD-2023-100967)
Google Chrome is a browser by Google. A memory misreference vulnerability exists in versions of Google Chrome prior to 119.0.6045.159, which stems from a mix-up in the instructions responsible for freeing memory by the Garbage Collection function. An attacker could exploit this vulnerability to...
PT-2023-32066 · WordPress · Awesome Support
Name of the Vulnerable Software and Affected Versions: Awesome Support WordPress plugin versions prior to 6.1.5 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the pag...
Input validation
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...
Google Android elevation of privilege vulnerability (CNVD-2023-98747)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by an out-of-bounds read in the Media Framework component. An attacker can exploit this vulnerability to gain elevated privileges...
TOTOLINK A3700R Command Execution Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK A3700R v9.1.2u.616520211012, which can be exploited by an attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller
CVE-2023-4966 Citrix Memory Leak Exploit 🔒 Leak session token...
Mitsubishi Electric MELSEC-F Series Authentication Error Vulnerability
Mitsubishi Electric MELSEC-F Series is a basic micro PLC with analog and communication function scalability for industrial control equipment from Mitsubishi Electric Mitsubishi Electric, Japan. An authentication error vulnerability exists in the Mitsubishi Electric MELSEC-F Series, which can be...
Exploit for Use After Free in Microsoft
CVE-2023-36802 Local Privilege Escalation POC authors: chomp...
Exploit for CVE-2013-0422
K8tools 20190727 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2023-101685)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio, which can be exploited by...
CVE-2023-36777
creationtimestamp| type| source ---|---|--- 2023-09-13 10:06:37+00:00| seen| https://t.me/kasperskyb2b/872 2024-09-19 18:02:10+00:00| seen| https://www.thezdi.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 Exploit - Bait and Switch Archive Generator...
The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.
The vulnerability of the DDP microprogramming software used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Wp2Fac - OS Command Injection Exploit
Exploit Title: Wp2Fac v1.0 - OS Command Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent': 'Mozilla/5.0 X11;...
WinRAR CVE-2023-38831 Exploit
This module exploits a vulnerability in WinRAR CVE-2023-38831. When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution. Module Options msf use exploit/windows/fileformat/winrarcve202338831 msf exploitwinrarcve202338831 show targets...