Chevereto 3.17.1 Cross Site Scripting
Authored by Akiner Kisa
Chevereto version 3.17.1 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Chevereto 3.17.1 - Cross Site Scripting (Stored)
# Google Dork: "powered by...
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Authored by malvuln | Site malvuln.com
Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/6b9f5a0512af3ab33c26eaa4bdf94f1f.txt
Contact: [email protected]: twitter.com/malvuln
Threat: Backdoor.Win32.Delf.zho
Vulnerability: Authentication...
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
Authored by James Forshaw, Google Security Research
The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another...
Windows Container Manager Service CmsRpcSrv_MapVirtualDiskToContainer Privilege Escalation
Authored by James Forshaw, Google Security Research
The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.
advisories | CVE-2021-31168
Windows Container Manager Service Arbitrary Object Directory Creation Privilege Escalation
Authored by James Forshaw, Google Security Research
The Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.
advisories | CVE-2021-31169
OpenNetAdmin 18.1.1 Remote Command Execution
Authored by Alexandre Zanni
OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
AWS CloudShell Terminal Escape Injection / Remote Code Execution
Authored by Google Security Research, Felix Wilhelm
The JavaScript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker...
Mozilla Windows Maintenance Service Weak DACL
Authored by James Forshaw, Google Security Research
Mozilla's Firefox 85 for Windows has a weak DACL for domain networks.
advisories | CVE-2021-29951
SIS-REWE GO 7.5.0/12C Cross Site Scripting
Authored by S. Robertz, Florian Lienhart | Site sec-consult.com
SIS-REWE GO version 7.5.0/12C suffers from multiple cross site scripting vulnerabilities.
advisories | CVE-2021-31537
SEC Consult Vulnerability Lab Security Advisory <...
ERPNext 12.18.0 / 13.0.0 SQL Injection
Authored by Stefan Pietsch, Nick Decker | Site trovent.io
ERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.
# Trovent Security Advisory 2103-01 #
#####################################
Authenticated SQL...





