Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Linux KVM Instruction Emulation Issue

0
Authored by Jann Horn, Google Security Research KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence,...

WordPress Core Cross Site Scripting / SQL Injection

0
Authored by Khalilov Moe, FVD, John Blackbourn | Site wordfence.com The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities. Change Mirror Download Description: SQL Injection via...

PrestaShop Ap Pagebuilder 2.4.4 SQL Injection

0
Authored by Mohamed Ali Hammami PrestaShop Ap Pagebuilder module versions 2.4.4 and below suffer from a remote SQL injection vulnerability. advisories | CVE-2022-22897 Change Mirror Download # Exploit Title: AP PAGEBUILDER Prestashop...

Zimbra Zip Path Traversal

0
Authored by Ron Bowes, Volexity Threat Research, Yang_99s Nest | Site metasploit.com This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration...

Arm Mali CSF VMA Split Mishandling

0
Authored by Jann Horn, Google Security Research In the Arm Mali driver's handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back...

Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution

0
Authored by Spencer McIntyre, Markus Wulftange, zcgonvh, Grant Willcox, testanull, PeterJson, Microsoft Threat Intelligence Center, Microsoft Security Response Center, pwnforsp | Site metasploit.com This Metasploit module exploits vulnerabilities within the...

10-Strike Network Inventory Explorer 9.3 Buffer Overflow

0
Authored by Ricardo Jose Ruiz Fernandez 10-Strike Network Inventory Explorer versions 9.3 and below are vulnerable to a SEH based buffer overflow which leads to code execution or local privilege...

Teleport 9.3.6 Command Injection

0
Authored by Brian Landrum, Brandon Roach Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious ssh agent installation link by URL...

Personnel Property Equipment 2015-2022 SQL Injection

0
Authored by nu11secur1ty Personnel Property Equipment 2015-2022 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: Personnel Property Equipment-2015-2022 SQLi,Unauthenticated-File-Upload## Author: nu11secur1ty## Date: 08.22.2022## Vendor Homepage: https://www.trickcode.in/## Video vendor:...

AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow

0
Authored by Google Security Research, natashenka There is a buffer overflow in how AppleAVD.kext parses the ref_pic_list_modification component of H264 slice headers in AVC_RBSP::parseSliceHeader. When pic modification entries are copied...