Sunday, February 25, 2024

Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

InstantCMS 2.16.1 Cross Site Scripting

Authored by SoSPiro

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access. # Exploit Title: InstantCMS - Store XSS # Application: InstantCMS...

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by...

Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as...

Tourism Management System 2.0 Shell Upload

Authored by SoSPiro

Tourism Management System version 2.0 suffers from a remote shell upload vulnerability. # Exploit Title: Tourism Management System v2.0 - Arbitrary File Upload # Google Dork: N/A #...

Petrol Pump Management Software 1.0 Shell Upload

Authored by SoSPiro

Petrol Pump Management Software version 1.0 suffers from a remote shell upload vulnerability. # Exploit Title: Petrol pump management software - File Upload Remote Code Execution...

Microsoft Windows Defender / Detection Bypass Part 3

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by...

User Registration And Login And User Management System 3.1 SQL Injection

Authored by SoSPiro

User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability. # Exploit Title: User Registration & Login and User Management...

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

Authored by prodigiousMind

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution. # Author: prodigiousMind # Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import...

Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass

Authored by Jann Horn, Google Security Research

Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.

Advisories: CVE-2024-0811

Employee Management System 1.0 SQL Injection

Authored by SoSPiro

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.