Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Forma SPOT-LMS 3.2.1 Cross Site Scripting

Authored by nu11secur1ty
Forma SPOT-LMS version 3.2.1 suffers from a cross site scripting vulnerability.
## Title: Forma SPOT-LMS-3.2.1 Cross-site scripting (reflected) RCE - reset mail vulnerability ## Author: nu11secur1ty ## Date:...

Windows Kernel Type Confusion Memory Corruption

Authored by Google Security Research, mjurczyk
The Windows Kernel suffers from a memory corruption vulnerability due to type confusion of subkey index leaves in registry hives.
advisories | CVE-2022-38037

WordPress Blog2Social 6.9.11 Missing Authorization

Authored by Marco Wotschka | Site wordfence.com
WordPress Blog2Social versions 6.9.11 and below suffer from a missing authorization vulnerability.
advisories | CVE-2022-3622
Description: Missing Authorization to Authenticated (Subscriber+) Settings Update Affected...

Windows Kernel Long Registry Path Memory Corruption

Authored by Google Security Research, mjurczyk
The Windows kernel suffers from multiple memory corruption vulnerabilities when operating on very long registry paths.
advisories | CVE-2022-38038

Webmin 1.984 File Manager Remote Code Execution

Authored by jheysel-r7, faisalfs10x | Site metasploit.com
In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities...

FLIR AX8 1.46.16 Remote Command Injection

Authored by Samy Younsi, Thomas Knudsen, h00die-gr3y | Site metasploit.com
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can...

Apache CouchDB Erlang Remote Code Execution

Authored by 1F98D, jheysel-r7, Konstantin Burov, _sadshade, Milton Valencia | Site metasploit.com
In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating...

Automated Tank Gauge (ATG) Remote Configuration Disclosure

Authored by RoseSecurity
In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for...

Senayan Library Management System 9.5.0 SQL Injection

Authored by nu11secur1ty
Senayan Library Management System version 9.5.0 suffers from a remote SQL injection vulnerability.
## Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi ## Author:...

Packet Storm New Exploits For October, 2022

Authored by Todd J. | Site packetstormsecurity.com
This archive contains all of the 88 exploits added to Packet Storm in October, 2022.