Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
Authored by Steffen Robertz | Site sec-consult.com
Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL...
Fortinet Fortimail 7.0.1 Cross Site Scripting
Authored by Braiant Giraldo Villa
Fortinet Fortimail version 7.0.1 suffers from a cross site scripting vulnerability.
advisories | CVE-2021-43062
# Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
#...
Cacti 1.2.22 Command Injection
Authored by mr_me, Erik Wynter, Stefan Schiller, Owen Gong | Site metasploit.com
This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve...
Trojan-Spy.Win32.Stealer.osh Insecure Permissions
Authored by malvuln | Site malvuln.com
Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/d58b1c2f540268bd9dd920455568d45f.txt
Contact: [email protected]: twitter.com/malvuln
Threat: Trojan-Spy.Win32.Stealer.osh
Vulnerability: Insecure Permissions
Description:...
WebTareas 2.4 Remote Shell Upload
Authored by Hubert Wojciechowski
WebTareas version 2.4 suffers from a remote shell upload vulnerability.
# Exploit Title: WebTareas 2.4 - RCE (Authorized)
# Date: 15/10/2022
# Exploit Author: Hubert Wojciechowski
# Contact...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting
Authored by Chloe Chamberland | Site wordfence.com
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability.
advisories | CVE-2022-0218
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
Authored by Uriel Yochpaz
WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability.
advisories | CVE-2021-39316
# Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 -...
vmwgfx Driver File Descriptor Handling Privilege Escalation
Authored by h00die, Mathias Krause | Site metasploit.com
If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file...
Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free
Authored by Google Security Research, Glazvunov
Chrome suffers from a heap use-after-free vulnerability in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails. Versions affected include Google Chrome 96.0.4664.110 (Official Build) (64-bit) and Chromium 99.0.4807.0 (Developer Build) (64-bit).
advisories...
Visual Planning 8 Authentication Bypass
Authored by David Brown, Lennert Preuth | Site schutzwerk.com
Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access...