65 matches found
EUVD-2018-0130
Malware in sbrugna...
EUVD-2014-4883
Malware in sbrugna...
EUVD-2022-24812
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-3648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...
Ubuntu: Security Advisory (USN-7279-1)
The remote host is missing an update for the...
JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE
Description: The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. Navigate to the site, and paste the following in your browser's console: fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers:...
Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access
The plugin does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated user, such as a subscriber, to view draft, private or even password-protected posts. It is also possible to leak the password of...
Chaty < 3.0.3 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...
dTabs <= 1.4 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/options-general.php?page=dtabs.php&action=edit&tab="...
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin was vulnerable to Stored Cross-Site Scripting (XSS) in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. Step 1: Install and activate the plugin "Hotjar...
Wyzi < 2.4.3 - Reflected Cross-Site Scripting (XSS)
The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature https://example.com/business/?keyword=%22%3E%3Cimg%20src=x%20onerror=alert/XSS/%3Easd&wyz-loc-filter-txt=&loc-filter-txt=&loc-filter-lat=&loc-filter-lng=&category=&radius=0...
ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim user’s privileges. An attacker could craft a website that exploits the vulnerabilit...
H2 Database 1.4.196 - Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197 Tested on: macOS/Linux CVE: N/A This takes...
alchemist.vim bundled alchemist-server remote code execution vulnerability
alchemist.vim is a text editor plugin used in Elixir. bundled alchemist-server is one of the servers. A remote code execution vulnerability exists in bundled alchemist-server in alchemist.vim. A remote attacker can exploit this vulnerability to execute arbitrary code with the help of a malicious...
Microsoft Windows Graphics Component Remote Code Execution (MS17-013: CVE-2017-0108)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way the Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...
Audiojungle Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection Exploit Title: Audiojungle Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://audiojungleclone.bsetec.com/ Demo: http://www.bsetecdemo.com/audiojungleclone Version: N/A Tested on: Win7 x64,...
NewsBee CMS SQL Injection
Exploit Title: NewsBee CMS a SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
Black Hole Exploit Kit Website Redirection
Black Hole Exploit Kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with Black Hole EK by redirecting them to a malicious web page. Successful infection will allow the attacker to download additional...
LastPass Patches Ormandy Remote Compromise Flaw
LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager. The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serio...
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload Exploit Title: WP Mobile Detector =3.5 Arbitrary File upload Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector Date: 1-06-2015 Exploit Author: Aaditya Purani Author Details: https://aadityapurani.com Vendor:...