Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

AppleAVD deallocateKernelMemoryInternal Missing Surface Lock

0
Authored by Google Security Research, natashenka In AppleAVD.kext, pixel buffers are mapped by calling AppleAVDUserClient::_mapPixelBuffer, which eventually calls AppleAVD::allocateKernelMemoryInternal. If the buffer is an IOSurface, the function calls IOSurface::deviceLockSurface before...

AppleAVD AppleAVDUserClient::decodeFrameFig Memory Corruption

0
Authored by Google Security Research, natashenka In the function AppleAVDUserClient::decodeFrameFig, a location in the decoder's IOSurface input buffer is calculated, and then bzero is called on it. The size of...

Cisco Secure Email Gateway Malware Detection Evasion

0
Change Mirror Download This report is being published within a coordinated disclosureprocedure. The researcher has been in contact with the vendorbut not received a satisfactory response within a given...

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery

0
Authored by Julien Ahrens | Site rcesecurity.com WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability. advisories | CVE-2022-3747 Change Mirror Download RCE Security Advisoryhttps://www.rcesecurity.com1. ADVISORY...

VMware NSX Manager XStream Unauthenticated Remote Code Execution

0
Authored by mr_me, Sina Kheirkhah, h00die-gr3y | Site metasploit.com VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of...

Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution

0
Authored by malvuln | Site malvuln.com Backdoor.Win32.RemServ.d malware suffers from a remote command execution vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txtContact: [email protected]: twitter.com/malvulnThreat:...

libxml2 Attribute Parsing Double-Free

0
Authored by Google Security Research libxml2 suffers from a double-free vulnerability when parsing default attributes. advisories | CVE-2022-40304

libxml2 xmlParseNameComplex Integer Overflow

0
Authored by Google Security Research libxml2 suffers from an integer overflow vulnerability in xmlParseNameComplex. advisories | CVE-2022-29824, CVE-2022-40303 Change Mirror Download libxml2: Integer overflow in xmlParseNameComplexlibxml2 is vulnerable to an integer overflow in...

Node-saml Root Element Signature Bypass

0
Authored by Google Security Research, Felix Wilhelm Node-saml and its partner project passport-saml are vulnerable to an authentication bypass due to lax parsing of SAML responses. advisories | CVE-2022-39299

IOTransfer 4 Unquoted Service Path

0
Authored by BLAY ABU SAFIAN IOTransfer version 4 suffers from an unquoted service path vulnerability. Change Mirror Download # Exploit Title: IOTransfer V4 - Unquoted Service Path# Exploit Author: BLAY ABU SAFIAN...