OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
Authored by Martin Heiland
Open-Xchange OX App Suite, OX Guard, and OX Documents suffer from server-side request forgery and cross site scripting vulnerabilities. Some of these issues only affect version...
Linux Kernel Netfilter Heap Out-Of-Bounds Write
Authored by Andy Nguyen
A heap out-of-bounds write affecting the Linux kernel since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial...
WordPress Current Book 1.0.1 Cross Site Scripting
Authored by Vikas Srivastava
WordPress Current Book plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
Change Mirror Download
# Exploit Title: WordPress Plugin Current Book 1.0.1 - 'Book Title...
Microsoft Hyper-V vmswitch.sys Proof Of Concept
Authored by 0vercl0k | Site github.com
This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched...
Realtek RTKVHD64.sys Out-Of-Bounds Access
Authored by 0vercl0k | Site github.com
Proof of concept exploit for an out-of-bounds access vulnerability in the Realtek RTKVHD64.sys, leading to pool corruption.
advisories | CVE-2021-32537
Windows TCP/IP Denial Of Service
Authored by 0vercl0k | Site github.com
This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched...
XNU Network Stack Kernel Heap Overflow
Authored by Google Security Research, ianbeer
XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.
advisories | CVE-2020-9967, CVE-2021-30736
Microsoft Windows CreateProcessWithLogon Write Restricted Service Privilege Escalation
Authored by James Forshaw, Google Security Research
Microsoft Windows has an issue where you can use the CreateProcessWithLogon API to escape a write restricted service and achieve full write access...
Schneider Electric EVlink Charging Stations Authentication Bypass / Code Execution
Authored by Stefan Viehbock | Site sec-consult.com
Multiple Schneider Electric EVlink Charging Stations suffers from authentication bypass and remote code execution vulnerabilities.
advisories | CVE-2021-22707, CVE-2021-22708
Change Mirror Download
SEC Consult Vulnerability Lab...
osCommerce 2.3.4.1 Remote Code Execution
Authored by Bryan Leong
osCommerce version 2.3.4.1 remote code execution exploit. This is a variant of the original discovery of code execution in this version by Simon Scannell in March...