
Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass

Authored by Steffen Robertz | Site sec-consult.com

Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL...

Fortinet Fortimail 7.0.1 Cross Site Scripting

Authored by Braiant Giraldo Villa

Fortinet Fortimail version 7.0.1 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-43062

# Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
#...

Cacti 1.2.22 Command Injection

Authored by mr_me, Erik Wynter, Stefan Schiller, Owen Gong | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve...

Trojan-Spy.Win32.Stealer.osh Insecure Permissions

Authored by malvuln | Site malvuln.com

Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/d58b1c2f540268bd9dd920455568d45f.txt
Contact: [email protected]: twitter.com/malvuln
Threat: Trojan-Spy.Win32.Stealer.osh
Vulnerability: Insecure Permissions
Description:...

WebTareas 2.4 Remote Shell Upload

Authored by Hubert Wojciechowski

WebTareas version 2.4 suffers from a remote shell upload vulnerability.

# Exploit Title: WebTareas 2.4 - RCE (Authorized)
# Date: 15/10/2022
# Exploit Author: Hubert Wojciechowski
# Contact...

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting

Authored by Chloe Chamberland | Site wordfence.com

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability.

advisories | CVE-2022-0218

WordPress DZS Zoomsounds 6.45 Arbitrary File Read

Authored by Uriel Yochpaz

WordPress DZS Zoomsounds plugin version 6.45 suffers from an unauthenticated arbitrary file read vulnerability.

advisories | CVE-2021-39316

# Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 -...

vmwgfx Driver File Descriptor Handling Privilege Escalation

Authored by h00die, Mathias Krause | Site metasploit.com

If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file...

Chrome safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails Use-After-Free

Authored by Google Security Research, Glazvunov

Chrome suffers from a heap use-after-free vulnerability in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails. Versions affected include Google Chrome 96.0.4664.110 (Official Build) (64-bit) and Chromium 99.0.4807.0 (Developer Build) (64-bit).

advisories...

Visual Planning 8 Authentication Bypass

Authored by David Brown, Lennert Preuth | Site schutzwerk.com

Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access...