Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw

0
Authored by malvuln | Site malvuln.com Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for...

Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential

0
Authored by malvuln | Site malvuln.com Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/4262a8b52b902aa2e6bf02a156d1b8d4.txtContact: [email protected]: twitter.com/malvulnBackup...

vBulletin 5.5.2 PHP Object Injection

0
Authored by EgiX | Site karmainsecurity.com vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized...

XNU vm_object Use-After-Free

0
Authored by Google Security Research, Ian Beer XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter. advisories | CVE-2022-42801

Chrome blink::LocalFrameView::PerformLayout Use-After-Free

0
Authored by Google Security Research, Glazvunov Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199. advisories | CVE-2022-3199, CVE-2022-3654

Sanitization Management System 1.0 SQL Injection

0
Authored by nu11secur1ty Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: SMS - PHP (by: oretnom23 ) v1.0 SQLi## Author: nu11secur1ty## Date: 11.25.2022##...

Helmet Store Showroom 1.0 SQL Injection

0
Authored by syad Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability. Change Mirror Download # Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection# Date:...

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

0
Authored by malvuln | Site malvuln.com Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user. Change Mirror Download Discovery / credits: Malvuln (John Page aka...

F5 BIG-IP iControl Remote Command Execution

0
Authored by Ron Bowes | Site metasploit.com This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results...

XNU Dangling PTE Entry

0
Authored by Google Security Research, Ian Beer XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains. advisories | CVE-2022-32924