Apache ActiveMQ Unauthenticated Remote Code Execution
Authored by sfewer-r7, X1r0z | Site metasploit.com
This Metasploit module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0...
AjaxPro Deserialization Remote Code Execution
Authored by Hans-Martin Munch, Jemmy Wang | Site metasploit.com
This Metasploit module leverages an insecure deserialization of data to get remote code execution on the target OS in the context...
mtk-jpeg Driver Out-Of-Bounds Read / Write
Authored by Google Security Research, Seth Jenkins
An out-of-bounds read / write due to a missing bounds check in the mtk-jpeg driver can lead to memory corruption and potential escalation of...
Citrix Bleed Session Token Leakage Proof Of Concept
Authored by Assetnote Security Research Team | Site assetnote.io
Citrix NetScaler ADC and NetScaler Gateway proof of concept exploit for the session token leakage vulnerability as described in CVE-2023-4966.
advisories |...
Oracle 19c / 21c Sharding Component Password Hash Exposure
Authored by Emad Al-Mousa
Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion
Authored by Marco Wotschka | Site wordfence.com
WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.
advisories | CVE-2023-5204, CVE-2023-5212,...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
Authored by LiquidWorm | Site zeroscience.mk
TEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery
Authored by LiquidWorm | Site zeroscience.mk
TEM Opera Plus FM Family Transmitter version 35.45 suffers from a cross site request forgery vulnerability.
XAMPP 3.3.0 Buffer Overflow
Authored by Talson
XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit.
advisories | CVE-2023-46517
# Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow (Unicode + SEH)
# Date: 2023-10-26
#...
SugarCRM 13.0.1 Server-Side Template Injection
Authored by EgiX | Site karmainsecurity.com
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be...





