Rocket LMS 1.6 Cross Site Scripting
Authored by th3d1gger
Rocket LMS version 1.6 suffers from a cross site scripting vulnerability.
Change Mirror Download
# Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting# Exploit Author:...
Academy Learning Management System 5.7 Shell Upload
Authored by th3d1gger
Academy Learning Management System version 5.7 suffers from a remote shell upload vulnerability.
Change Mirror Download
# Exploit Title: Academy Learning Management System 5.7 Shell Upload# Exploit Author: th3d1gger#...
Sagemath 9.0 Overflow / Denial Of Service
Authored by Georgi Guninski
Sagemath version 9.0 suffers from overflow and denial of service vulnerabilities.
Change Mirror Download
sagemath 9.0 and reportedly later on ubuntu 20.sagemath gives access to the python interpreter,so...
SmartRG Router 2.6.13 Remote Code Execution
Authored by Yerodin Richards
SmartRG Router version 2.6.13 suffers from a remote code execution vulnerability.
advisories | CVE-2022-37661
Change Mirror Download
# Exploit Title: SmartRG Router - Remote Code Execution# Date: 13/06/2022# Exploit...
.NET XML Signature Verification External Entity Injection
Authored by Google Security Research, Felix Wilhelm
XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.
advisories | CVE-2022-34716
Windows Credential Guard KerbIumCreateApReqAuthenticator Key Information Disclosure
Authored by James Forshaw, Google Security Research
On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.
advisories | CVE-2022-34711
Windows Credential Guard KerbIumGetNtlmSupplementalCredential Information Disclosure
Authored by James Forshaw, Google Security Research
On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.
advisories | CVE-2022-34712
InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Authored by Jens Regel | Site crisec.de
InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.
advisories | CVE-2022-23854
Change Mirror Download
Title:======AVEVA InTouch Access Anywhere...
Windows Credential Guard TGT Renewal Information Disclosure
Authored by James Forshaw, Google Security Research
On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated...
Windows Credential Guard Kerberos Change Password Privilege Escalation
Authored by James Forshaw, Google Security Research
Windows Credential guard does not prevent using encrypted Kerberos keys to change a user's password leading to elevation of privilege.
advisories | CVE-2022-35771