Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw
Authored by malvuln | Site malvuln.com
Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for...
Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential
Authored by malvuln | Site malvuln.com
Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.
Change Mirror Download
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/4262a8b52b902aa2e6bf02a156d1b8d4.txtContact: [email protected]: twitter.com/malvulnBackup...
vBulletin 5.5.2 PHP Object Injection
Authored by EgiX | Site karmainsecurity.com
vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized...
XNU vm_object Use-After-Free
Authored by Google Security Research, Ian Beer
XNU suffers from a vm_object use-after-free vulnerability due to invalid error handling in vm_map_enter.
advisories | CVE-2022-42801
Chrome blink::LocalFrameView::PerformLayout Use-After-Free
Authored by Google Security Research, Glazvunov
Chrome suffers from a heap use-after-free vulnerability in blink::LocalFrameView::PerformLayout due to an incomplete fix for CVE-2022-3199.
advisories | CVE-2022-3199, CVE-2022-3654
Sanitization Management System 1.0 SQL Injection
Authored by nu11secur1ty
Sanitization Management System version 1.0 suffers from a remote SQL injection vulnerability.
Change Mirror Download
## Title: SMS - PHP (by: oretnom23 ) v1.0 SQLi## Author: nu11secur1ty## Date: 11.25.2022##...
Helmet Store Showroom 1.0 SQL Injection
Authored by syad
Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.
Change Mirror Download
# Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection# Date:...
Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL
Authored by malvuln | Site malvuln.com
Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.
Change Mirror Download
Discovery / credits: Malvuln (John Page aka...
F5 BIG-IP iControl Remote Command Execution
Authored by Ron Bowes | Site metasploit.com
This Metasploit module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results...
XNU Dangling PTE Entry
Authored by Google Security Research, Ian Beer
XNU suffers from a dangling PTE entry due to integer truncation when collapsing vm_object shadow chains.
advisories | CVE-2022-32924





