Lucene search
K
PacketstormMost viewed

50748 matches found

Packet Storm
Packet Storm
added 2023/06/08 12:0 a.m.324 views

Microsoft Windows PowerShell Remote Command Execution

from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/05/29 12:0 a.m.324 views

Camaleon CMS 2.7.0 Server-Side Template Injection

Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...

7.1AI score0.46136EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/05/19 12:0 a.m.324 views

ChurchCRM 4.5.4 Cross Site Scripting

Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...

7.1AI score0.01508EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/03/30 12:0 a.m.324 views

Inbit Messenger 4.9.0 Remote Command Execution

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Window...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2022/11/25 12:0 a.m.324 views

Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Win32.Ransom.Conti Vulnerability: Crypto Logic Fla...

Exploits0
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.324 views

Lepin EP-KP001 KP001_V19 Authentication Bypass

Advisory ID: SYSS-2022-024 Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001V19 Tested Versions: KP001V19 Vulnerability Type: Violation of Secure Design Principles CWE-657 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-04-12 Solution Date: - Public Disclosure:...

4.6CVSS0.2AI score0.00506EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/06/07 12:0 a.m.324 views

Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.10.d Vulnerability: Unauthenticated Remote Command Execution...

Exploits0
Packet Storm
Packet Storm
added 2021/10/12 12:0 a.m.324 views

Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle Teacher Enrollment Privilege Escalation to RCE', 'Description' = %q Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and...

1.2AI score0.16425EPSS
Exploits8
Packet Storm
Packet Storm
added 2021/10/08 12:0 a.m.324 views

Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation

Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/23 12:0 a.m.324 views

MyBB 1.8.25 SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

6.5CVSS0.1AI score0.05072EPSS
Exploits12
Packet Storm
Packet Storm
added 2021/03/15 12:0 a.m.324 views

openMAINT 2.1-3.3-b Cross Site Scripting

Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Date: 13/03/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/02/26 12:0 a.m.324 views

Trojan-Proxy.Win32.Delf.ai Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1dd6eb39a388f4c8a3eaf248d86aaabc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Delf.ai Vulnerability: Remote SEH Buffer Overflow Description: The malware listen...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/13 12:0 a.m.324 views

flatCore CMS XSS / File Disclosure / SQL Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: 2.0.0 Build 139 fixed version: Release 2.0.0 Build 139 CVE number: CVE-2021-23835, CVE-2021-23836,...

0.1AI score0.0168EPSS
Exploits5
Packet Storm
Packet Storm
added 2020/10/01 12:0 a.m.324 views

MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials

Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...

0.3AI score0.01628EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/06/09 12:0 a.m.324 views

Bandwidth Monitor 3.9 Full ROP Buffer Overflow

Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2019/10/23 12:0 a.m.324 views

Linux Polkit pkexec Helper PTRACE_TRACEME Local Root

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Polkit pkexec helper PTRACETRACEME local root exploit', 'Description' = %q This module exploits an issue in ptracelink in kernel/ptrace.c...

7.2CVSS0.2AI score0.52199EPSS
Exploits21
Packet Storm
Packet Storm
added 2019/09/02 12:0 a.m.324 views

IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read

!/usr/bin/perl -w IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read Todor Donev 2019 c Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/06/05 12:0 a.m.324 views

BIND 9.10.5 Unquoted Service Path Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you...

0.7AI score0.01413EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/04/10 12:0 a.m.323 views

📄 Typecho 1.3.0 Cross Site Scripting

Typecho versions 1.3.0 and below suffer from a persistent cross site scripting vulnerability. // Exploit Title: Typecho = 1.3.0 Stored Cross-Site Scripting XSS // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura //...

9CVSS6.2AI score0.02671EPSS
Exploits4
Packet Storm
Packet Storm
added 2025/03/06 12:0 a.m.323 views

Microsoft SRV2.SYS SMB 2 Remote Code Execution

Microsoft SRV2.SYS SMB version 2 remote code execution exploit that leverages a flaw from 2009. ============================================================================================================================================= | Title : Microsoft SRV2.SYS SMB v2 RCE Vulnerability | |...

10CVSS8.1AI score0.90121EPSS
Exploits20
Packet Storm
Packet Storm
added 2025/01/28 12:0 a.m.323 views

AutoLib Software Systems OPAC 20.10 Secret Disclosure

AutoLib Software Systems OPAC version 20.10 discloses multiple API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Autolib-ind...

7.5CVSS7.7AI score0.00531EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/11/27 12:0 a.m.323 views

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download

ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/29 12:0 a.m.323 views

Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection

Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.323 views

Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Authentication Bypass", 'Description' = %q This module exploits HTTP servers that...

10CVSS7AI score0.63748EPSS
Exploits12
Packet Storm
Packet Storm
added 2024/08/01 12:0 a.m.323 views

SolarWinds Kiwi Syslog Server 9.6.7.1 Unquoted Service Path

Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/29 12:0 a.m.323 views

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/27 12:0 a.m.323 views

WordPress Canto Remote Shell Upload

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...

9.8CVSS7.4AI score0.0562EPSS
Exploits7
Packet Storm
Packet Storm
added 2024/02/22 12:0 a.m.323 views

SitePad 1.8.2 Cross Site Scripting

Exploit Title: SitePad Version : 1.8.2 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://sitepad.com/ Version : 1.8.2 Tested on: https://www.softaculous.com/apps/blogs/SitePad 1 Go to Templates Header Edit Pagelayer Template 2 Write in Name : " 3 After save and refres...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/01/23 12:0 a.m.323 views

Solar FTP Server 2.1.2 Denial Of Service

!/usr/bin/perl use IO::Socket::INET; Exploit Title: Solar FTP Server 2.1.2 - PASV - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 23 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1o4xTt67bUJYAAKm0pqNIG99ly--xRQBp/view?usp=sharing...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2023/09/15 12:0 a.m.323 views

Academy LMS 6.2 Cross Site Scripting

Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...

7.1AI score0.01835EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/09/14 12:0 a.m.323 views

iSmile Soft CMS 0.3.0 Add Administrator

==================================================================================================================================== | Title : iSmile Soft CMS v0.3.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/04/03 12:0 a.m.323 views

Reprise Software RLM 14.2BL4 Cross Site Scripting

Exploit Title: Reprise Software RLM v14.2BL4 - Cross-Site Scripting XSS Exploit Author: Mohammed A.Siledar Author Company : reprisesoftware Version: rlm.v14.2BL4 Vendor home page : https://reprisesoftware.com Software Link:...

6.1CVSS6.4AI score0.02527EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/12/05 12:0 a.m.323 views

Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation

Title: Zillya Total Security - Link Following Local Privilege Escalation AVGater Vulnerability Date: 02.12.2022 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe /...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/24 12:0 a.m.323 views

Online Fire Reporting System 1.0 SQL Injection

Title: Online Fire Reporting System 1.0 SQLi Author: nu11secur1ty Date: 05.24.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html Reference:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.323 views

ExifTool 12.23 Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

7.8CVSS0.3AI score0.99981EPSS
Exploits39
Packet Storm
Packet Storm
added 2022/02/25 12:0 a.m.323 views

WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...

0.04336EPSS
Exploits3
Packet Storm
Packet Storm
added 2022/02/04 12:0 a.m.323 views

WBCE CMS 1.5.2 Remote Code Execution

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/20 12:0 a.m.323 views

Ransomware Builder Babuk Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransomware Builder Babuk Vulnerability: Insecure Permissions Description: The malware creates...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/07 12:0 a.m.323 views

Microsoft Windows SMB Direct Session Takeover

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SMB Direct Session Takeover', 'Description' = %q This module will intercept direct SMB authentication requests to another host,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.323 views

Worm.Win32.Runfer.bpo Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ae4c226ad974c990391217f31db2a209.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Runfer.bpo Vulnerability: Insecure Service Path Description: The malware creates a servic...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/10 12:0 a.m.323 views

MobileTogether Server 7.3 XML Injection

Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...

0.1AI score0.66278EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.323 views

Ampache 4.4.2 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-site Scripting vulnerability in Ampache 4.4.2 Affected Software: Ampache Affected Versions: 4.4.2 Homepage: http://ampache.org/ Vulnerability: Cross-Site Scripting Severity: High Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.323 views

Sage X3 Administration Service Authentication Bypass / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...

1AI score0.70268EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/03/29 12:0 a.m.323 views

SyncBreeze 10.1.16 Buffer Overflow

Exploit Title: SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow Date: 03/27/2021 Author: Filipe Oliveira - filipecenturiaoathotmail.com Rafael Machado - nnszsatprotonmail.com Vendor: https://www.syncbreeze.com/ Software Link:...

6.8CVSS1AI score0.05507EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/03/09 12:0 a.m.323 views

FreeLAN 2.2 Unquoted Service Path

Exploit Title: FreeLAN 2.2 - 'FreeLAN Service' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: www.freelan.org Software Link: https://github.com/freelan-developers/freelan/releases/download/2.2/freelan-2.2.0-x86-install.exe Version: Version 2.2 Tested on:...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/08/20 12:0 a.m.323 views

WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass

Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura from The Missing Link Website:...

0.1AI score0.01152EPSS
Exploits4
Packet Storm
Packet Storm
added 2020/08/11 12:0 a.m.323 views

vBulletin 5.x Remote Code Execution

!/bin/bash vBulletin widgettabbedcontainertabpanel 5.x 0day by @Zenofex Usage ./exploit Urlencode cmd CMD=echo $2|perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' Send request curl -s $1/ajax/render/widgettabbedcontainertabpanel -d...

7.5CVSS0.3AI score0.99728EPSS
Exploits27
Packet Storm
Packet Storm
added 2018/07/17 12:0 a.m.323 views

Nanopool Claymore Dual Miner APIs Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Nanopool Claymore Dual Miner APIs RCE', 'Description' = %q This module takes advantage of miner remote...

6CVSS0.4AI score0.77297EPSS
Exploits7
Packet Storm
Packet Storm
added 2015/09/01 12:0 a.m.325 views

NibbleBlog 4.0.3 Shell Upload

NibbleBlog 4.0.3: Code Execution Security Advisory – Curesec Research Team 1. Introduction Affected Product: NibbleBlog 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: Website: http://www.nibbleblog.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/03 12:0 a.m.323 views

Oracle MySQL Heap Overrun

MySQL Heap Overrun tested for the latest version of mysql server on a SuSE Linux system As seen below $edx and $edi are fully controlled, the current instruction is = 0x83a6b24 : mov %edx,%edi this means we landed in a place where 4 bytes can be controlled by 4 bytes with this function pointers a...

6.5CVSS0.2AI score0.20837EPSS
Exploits2
Total number of security vulnerabilities5000