SugarCRM 13.0.1 Shell Upload
Authored by EgiX | Site karmainsecurity.com
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File...
phpFox 4.8.13 PHP Object Injection
Authored by EgiX | Site karmainsecurity.com
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly...
Splunk edit_user Capability Privilege Escalation
Authored by Heyder Andrade, RedWay Security, Santiago Lopez | Site metasploit.com
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service
Authored by LiquidWorm | Site zeroscience.mk
VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request...
PowerVR Out-Of-Bounds Access / Information Leak
Authored by Jann Horn, Google Security Research
PowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage.
advisories | CVE-2021-1050, CVE-2023-35685
Moodle 4.3 Cross Site Scripting
Authored by tmrswrr
Moodle version 4.3 suffers from a cross site scripting vulnerability.
# Exploit Title: Moodle 4.3 Reflected XSS
# Date: 21/10/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://moodle.org/
#...
VMware Aria Operations For Networks SSH Private Key Exposure
Authored by h00die, Harsh Jaiswal, Rahul Maini, SinSinology | Site metasploit.com
VMware Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on...
WordPress LiteSpeed Cache 5.6 Cross Site Scripting
Authored by Lana Codes | Site wordfence.com
WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.
advisories | CVE-2023-4372
Vulnerability Summary from Wordfence...
NLB mKlik Makedonija 3.3.12 SQL Injection
Authored by Neurogenesia | Site zeroscience.mk
NLB mKlik Makedonija version 3.3.12 suffers from a remote SQL injection vulnerability.
NLB mKlik Makedonija 3.3.12 SQL Injection
Vendor: NLB Banka AD Skopje
Product web...
XNSoft Nconvert 7.136 Buffer Overflow / Denial Of Service
Authored by Michele Toccagni | Site toccagni.info
XNSoft Nconvert version 7.136 is vulnerable to buffer overflow and denial of service conditions. Proofs of concept included.
advisories | CVE-2023-43250, CVE-2023-43251, CVE-2023-43252





