MinIO Privilege Escalation
Authored by Jenson Zhao
MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.
advisories | CVE-2024-24747
# Exploit Title: MinIO < 2024-01-31T20-20-33Z - Privilege Escalation # Date: 2024-04-11 #...
Centreon 23.10-1.el8 SQL Injection
Authored by Cody Sixteen | Site code610.blogspot.com
Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
;; Postauth SQL Injection in Centreon 23.10-1.el8;; by code610;; ;; found...
Windows NtQueryInformationThread Double-Fetch / Arbitrary Write
Authored by gabe_k
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in NtQueryInformationThread that leads to an arbitrary...
Backdoor.Win32.Dumador.c MVID-2024-0679 Buffer Overflow
Authored by malvuln | Site malvuln.com
Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: [email protected]: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability:...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
Authored by Andrey Stoykov
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.
# Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 # Date:...
CrushFTP Remote Code Execution
Authored by Christophe de la Fuente, Ryan Emmons | Site metasploit.com
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote...
Event Management 1.0 SQL Injection
Authored by SoSPiro
Event Management version 1.0 suffers from a remote SQL injection vulnerability.
# Exploit Title: Event Management - SQL Injection # Application: Event Management # Date: 19.02.2024 # Bugs: SQL...
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
Authored by Kr0ff
Command injection and arbitrary file creation exploit for Palo Alto PAN-OS versions prior to 11.1.2-h3.
advisories | CVE-2024-3400
# Exploit Title: Palo Alto PAN-OS < v11.1.2-h3 ...
CHAOS RAT 5.0.1 Remote Command Execution
Authored by chebuya
CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to take over the...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
Authored by Georgios Tsimpidas, Frey
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
advisories | CVE-2024-31777
import...