Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Windows Kernel nt!MiRelocateImage Invalid Read

Authored by Google Security Research, mjurczyk The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file. advisories | CVE-2022-30155

Travel Tours Script 1.0 SQL Injection

Authored by CraCkEr Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ┌┌────────────────────────────────────────────────────────────────────────────┐││ ...

Property Listing Script 3.1 SQL Injection

Authored by CraCkEr Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability. Change Mirror Download ┌┌────────────────────────────────────────────────────────────────────────────────────┐││ ...

Orange Station 1.0 SQL Injection

Authored by nu11secur1ty Orange Station version 1.0 suffers from a remote SQL injection vulnerability. Change Mirror Download ## Title: Orange Station 1.0 SQLi## Author: nu11secur1ty## Date: 0.16.2022## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html## Reference:...

Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password

Authored by malvuln | Site malvuln.com Backdoor.Win32.HoneyPot.a malware suffers from a weak hardcoded password vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txtContact: [email protected]: twitter.com/malvulnThreat:...

Builder XtremeRAT 3.7 MVID-2022-0623 Insecure Permissions

Authored by malvuln | Site malvuln.com Builder XtremeRAT malware version 3.7 suffers from an insecure permissions vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txtContact:...

Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass

Authored by malvuln | Site malvuln.com Builder XtremeRAT malware version 3.7 suffers from an insecure cryptography implementation vulnerability that allows an attacker to login with only partial knowledge of a...

Asus GameSDK 1.0.0.4 Unquoted Service Path

Authored by Angelo Pio Amirante Asus GameSDK version 1.0.0.4 suffers from an unquoted service path vulnerability in GameSDK.exe. advisories | CVE-2022-35899 Change Mirror Download # Exploit Title: Asus GameSDK v1.0.0.4 - 'GameSDK.exe' Unquoted...

Windows LSA Service LsapGetClientInfo Impersonation Level Check Privilege Escalation

Authored by James Forshaw, Google Security Research On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller's impersonation token if it fails to impersonate, leading...

Sourcegraph gitserver sshCommand Remote Command Execution

Authored by Spencer McIntyre, Altelus1 | Site metasploit.com A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value...