Arbitrary Command Injection

Overview portkiller is a port killer. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

CVE-2021-3156 "Baron Samedit"

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Recent assessments: cdelafuente-r7 at January 27, 2021 3:40pm UTC...

Code injection

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges...

CVE-2020-27903

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 72 in lib/index.js. PoC var a =require"node-ps"; a.lookuppsargs:"& touch JHU ",function Remediation There is no fixed version for node-ps. References - NPM Package - Vulnerable...

Social Networking Site SQL Injection

Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

PMB 5.6 - 'chemin' Local File Disclosure

Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure Date: 2020-10-13 Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 Tested on: Ubuntu 18.04.1 The PMB G...

CVE-2019-8841

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges...

CVE-2019-8532

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files...

CVE-2019-8532

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files...

Design/Logic Flaw

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files...

CVE-2019-8532

The CVE-2019-8532 entry describes a permissions issue in Apple platforms resolved in watchOS 5.2 and iOS 12.2. Affected components relate to file access permissions, where a malicious app could access restricted files due to insufficient checks. The fix involved removing vulnerable code and addin...

WordPress HS Brand Logo Slider 2.1 Shell Upload

Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...

CVE-2020-9907

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-9865

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox...

CVE-2020-15250

In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this...

Kubernetes: kubeadm logs tokens before deleting them

Report Submission Form Summary: kubeabdm's delete command takes as input either a bootstrap token ID, or a full token. Before determining whether the input is just an id or a full token, kubeadm logs the input using klog. If the deletion fails, the token would remain valid. An attacker who has...

CVE-2020-15945

Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaGtraceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

Daily Expense Tracker 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expense Tracker 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

Employee Record Management System 1.1 SQL Injection

Exploit Title: Employee Record Management SystemERMS 1.1 - Authentication Bypass Date: 2020-07-20 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Softwar...