Exploits & CVE's

Authored by Youssef Muhammad Adobe ColdFusion versions 2018,15 and below and versions 2021,5 and below suffer from an arbitrary file read vulnerability. advisories | CVE-2023-26360 Change Mirror Download # Exploit Title: File Read...

Authored by Abhishek Morla Sitecore version 8.2 suffers from a remote code execution vulnerability. advisories | CVE-2023-35813 Change Mirror Download #!/usr/bin/env python3## Exploit Title: Sitecore - Remote Code Execution v8.2 # Exploit Author:...

Authored by Matheus Boschetti Numbas versions prior to 7.3 suffer from a remote code execution vulnerability. advisories | CVE-2024-27612 Change Mirror Download # Exploit Title: Numbas < v7.3 - Remote Code Execution# Google...

Authored by Srikar Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in...

Authored by chebuya NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to...

Authored by chebuya Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not...

Authored by Emad Al-Mousa MongoDB versions 2.0.1, 2.1.1, 2.1.4, and 2.1.5 appear to suffer from multiple localized password disclosure issues. Change Mirror Download Title: MongoDB MONGOSH Password Exposure VulnerabilityProduct: ...

Authored by W01fh4cker | Site github.com JetBrains TeamCity versions prior to 2023.11.4 remote authentication bypass exploit that can be leveraged for user addition and remote code execution. advisories | CVE-2024-27198

Authored by Jaggar Henry | Site korelogic.com Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal. advisories | CVE-2024-2053 Change Mirror...

Authored by Jaggar Henry | Site korelogic.com The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data...