Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Oracle Database Protection Mechanism Bypass

0
Authored by Moritz Bechler | Site syss.de Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a...

Backdoor.Win32.Phase.11 Code Execution

0
Authored by malvuln | Site malvuln.com Backdoor.Win32.Phase.11 malware suffers from a code execution vulnerability. Change Mirror Download Discovery / credits: Malvuln - malvuln.com (c) 2021Original source: https://malvuln.com/advisory/fb4fb710f031304d788d9cd1c4201552.txtContact: [email protected]: twitter.com/malvulnThreat: Backdoor.Win32.Phase.11Vulnerability: Unauthenticated Remote...

Oracle Database Weak NNE Integrity Key Derivation

0
Authored by Moritz Bechler | Site syss.de NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2...

WordPress Catch Themes Demo Import 1.6.1 Shell Upload

0
Authored by Ron Jost WordPress Catch Themes Demo Import plugin versions 1.6.1 and below suffer from a remote shell upload vulnerability. advisories | CVE-2021-39352 Change Mirror Download # Exploit Title: Wordpress Plugin Catch...

TestLink 1.19 Arbitrary File Download

0
Authored by Gonzalo Villegas TestLink versions 1.16 through 1.19 suffer from an arbitrary file download vulnerability. Change Mirror Download # Exploit Title: TestLink 1.19 - Arbitrary File Download (Unauthenticated)# Google Dork: inurl:/testlink/#...

LimeSurvey 5.2.4 Remote Code Execution

0
Authored by Y1LD1R1M LimeSurvey version 5.2.4 remote code execution exploit with a reverse shell. Change Mirror Download # Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution (RCE) (Authenticated)# Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login# Date:...

Microsoft Office Word MSHTML Remote Code Execution

0
Authored by LockedByte, Ramella Sebastien, thesunRider, klezVirus | Site metasploit.com This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead...

Grafana 8.3.0 Directory Traversal / Arbitrary File Read

0
Authored by s1gh Grafana version 8.3.0 suffers from a directory traversal vulnerability that can allow for arbitrary file reading. advisories | CVE-2021-43798 Change Mirror Download # Exploit Title: Grafana 8.3.0 - Directory Traversal...

Polkit CVE-2021-3560 Research

0
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get...

Free School Management Software 1.0 Shell Upload

0
Authored by fuuzap1 Free School Management Software version 1.0 suffers from a remote shell upload vulnerability. Change Mirror Download # Exploit Title: Free School Management Software 1.0 - Remote Code Execution (RCE)#...