Exploits & CVEs

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Windows Kernel Subkey List Use-After-Free

Authored by Google Security Research, mjurczyk. The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx. Advisories: CVE-2024-26182.

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution

Authored by Georgios Tsimpidas, Frey. GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. Advisories: CVE-2024-31777.

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect

Authored by Andrey Stoykov. Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. # Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 # Date:...

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

Authored by Clement Cruchet. An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code...

MinIO Privilege Escalation

Authored by Jenson Zhao. MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability. Advisories: CVE-2024-24747. # Exploit Title: MinIO < 2024-01-31T20-20-33Z - Privilege Escalation # Date: 2024-04-11#...

WordPress Playlist For Youtube 1.32 Cross Site Scripting

Authored by Erdemstar. WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability. # Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site...

Ray OS 2.6.3 Command Injection

Authored by Fire_Wolf. The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell,...

Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

Authored by Joseph Kwabena Fiagbor. Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability. Advisories: CVE-2024-31804. # Exploit Title: Terratec dmx_6fire USB - Unquoted Service...

Open Source Medicine Ordering System 1.0 SQL Injection

Authored by Onur Karasalihoglu. Open Source Medicine Ordering System version 1.0 suffers from a remote SQL Injection vulnerability. # Exploit Title : Open Source Medicine Ordering System v1.0 -...

Daily Expense Manager 1.0 SQL Injection

Authored by Stefan Hesselman. Daily Expense Manager version 1.0 suffers from a remote SQL injection vulnerability. # Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi # Date: February 25th,...