Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions

Authored by malvuln | Site malvuln.com Backdoor.Win32.Shark.btu malware suffers from an insecure permissions vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txtContact: [email protected]: twitter.com/malvulnThreat: Backdoor.Win32.Shark.btuVulnerability:...

Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions

Authored by malvuln | Site malvuln.com Trojan-Mailfinder.Win32.VB.p malware suffers from an insecure permissions vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txtContact: [email protected]: twitter.com/malvulnThreat: Trojan-Mailfinder.Win32.VB.pVulnerability:...

Mitel 6800/6900 Series SIP Phones Backdoor Access

Authored by Moritz Abrell | Site syss.de Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on...

Lepin EP-KP001 KP001_V19 Authentication Bypass

Authored by Matthias Deeg | Site syss.de When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker...

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor

Authored by T. Weber | Site sec-consult.com Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components. advisories | CVE-2015-0235,...

SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting

Authored by Steffen Robertz | Site sec-consult.com SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability. advisories | CVE-2022-29034 Change Mirror Download SEC Consult Vulnerability Lab Security Advisory...

Gentics CMS 5.36.29 Cross Site Scripting / Deserialization

Authored by Gerhard Hechenberger, Steffen Robertz | Site sec-consult.com Gentics CMS version 5.36.29 suffers from persistent cross site scripting and unsafe java deserialization vulnerabilities. advisories | CVE-2022-30981, CVE-2022-30982 Change Mirror Download SEC Consult...

SoftGuard SNMP Network Management Extension HTML Injection / File Download

Authored by Philipp Espernberger | Site sec-consult.com SoftGuard Web (SGW) versions prior to 5.1.5 suffer from html injection and arbitrary file system access allow for file downloads. advisories | CVE-2022-31201, CVE-2022-31202 Change...

XNU Flow Divert Race Condition Use-After-Free

Authored by Google Security Research, nedwill XNU suffers from a flow divert race condition use-after-free vulnerability. advisories | CVE-2022-26757

phpIPAM 1.4.5 Remote Code Execution

Authored by Guilherme Alves phpIPAM version 1.4.5 suffers from an authenticated remote code execution vulnerability. Change Mirror Download # Exploit Title: phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)# Date: 2022-04-10# Exploit...