Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

pixman pixman_sample_floor_y Integer Overflow

Authored by Google Security Research

pixman versions prior to 0.42.2 suffer from an out-of-bounds write vulnerability in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.

Advisories: CVE-2022-44638

SentinelOne sentinelagent 22.3.2.5 Privilege Escalation

Authored by ouch_this_hurts

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability because it does not use a fully qualified path when calling grep.

Exploit Title: SentinelOne...

perfSONAR 4.4.4 Open Proxy / Relay

Authored by Ryan Moore | Site github.com

perfSONAR bundles a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users...

perfSONAR 4.4.5 Cross Site Request Forgery

Authored by Ryan Moore | Site github.com

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters...

IBM Websphere Application Server 7.0 Cross Site Scripting

Authored by Milad Karimi

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

Advisories: CVE-2009-0855

# Exploit Title: IBM Websphere Application Server 7.0...

OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

Authored by Martin Heiland

OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.

Advisories: CVE-2022-31469, CVE-2022-37307, CVE-2022-37308, CVE-2022-37309, CVE-2022-37310, CVE-2022-37311,...

Microsoft Exchange ProxyNotShell Remote Code Execution

Authored by Soroush Dalili, Spencer McIntyre, Orange Tsai, Rich Warren, Piotr B, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q | Site metasploit.com

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow...

Concrete CMS 9.1.3 XPATH Injection

Authored by nu11secur1ty

Concrete CMS version 9.1.3 suffers from an XPATH injection vulnerability.

## Title: concretecms-9.1.3 Xpath injection
## Author: nu11secur1ty
## Date: 11.28.2022
## Vendor: https://www.concretecms.org/
## Software: https://www.concretecms.org/download
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3
## Description: The...

Remote Control Collection Remote Code Execution

Authored by h00die, H4rk3nz0 | Site metasploit.com

This Metasploit module utilizes the Remote Control Server's protocol to deploy a payload and run it from the server. Remote Control Collection by...

Hirschmann (Belden) BAT-C2 8.8.1.0R8 Command Injection

Authored by T. Weber | Site cyberdanube.com

Hirschmann (Belden) BAT-C2 version 8.8.1.0R8 suffers from a remote authenticated command injection vulnerability.

Advisories: CVE-2022-40282

CyberDanube Security Research 20221124-0 ...