Exploits & CVEs

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

WordPress BeTheme 26.5.1.4 PHP Object Injection

Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.

advisories | CVE-2022-3861

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION Product:...

ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service

Authored by George Tsimpidas

Remote stack buffer overflow exploit for the ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 that causes a denial of service condition.

# Exploit Title: Router ZTE-H108NS -...

Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass

Authored by Steffen Robertz | Site sec-consult.com

Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL...

BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection

Authored by Daniel Hirschberger | Site sec-consult.com

BMC Remedy ITSM-Suite version 9.1.10 (20.02 in the new versioning scheme) suffers from an HTML injection vulnerability.

advisories | CVE-2022-26088

SEC Consult Vulnerability Lab...

Payara Platform Path Traversal

Authored by Michael Baer | Site sec-consult.com

Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are...

Internet Download Manager 6.41 Build 3 Man-In-The-Middle

Authored by M. Akil Gundogan

Internet Download Manager version 6.41 Build 3 suffers from a man-in-the-middle vulnerability that can enable an attacker to execute code on the victim's system.

Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential

Authored by malvuln | Site malvuln.com

Backdoor.Win32.Quux malware suffers from a weak hardcoded credential vulnerability that can allow an attacker to achieve remote code execution.

Discovery / credits: Malvuln...

Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Authored by Joe Pollock

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk....

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Authored by Joe Pollock

Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the...

Gitea Git Fetch Remote Code Execution

Authored by krastanoel, wuhan005, li4n0 | Site metasploit.com

This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the...