WordPress Playlist For Youtube 1.32 Cross Site Scripting
Authored by Erdemstar
WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site...
Kruxton 1.0 Shell Upload
Authored by nu11secur1ty
Kruxton version 1.0 suffers from a remote shell upload vulnerability.
## Title: kruxton-1.0-FileUpload-RCE
## Author: nu11secur1ty
## Date: 04/15/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
## Reference: https://portswigger.net/web-security/file-upload
## Description:
The system setting...
Relate Learning And Teaching System SSTI / Remote Code Execution
Authored by kai6u
Relate Learning and Teaching System versions prior to 2024.1 suffer from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the...
PowerVR PMRMMapPMR() Writability Check
Authored by Jann Horn, Google Security Research
PowerVR has a security issue where a writability check in PMRMMapPMR() does not clear VM_MAYWRITE.
Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path
Authored by Joseph Kwabena Fiagbor
Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.
advisories | CVE-2024-31804
# Exploit Title: Terratec dmx_6fire USB - Unquoted Service...
Amazon AWS Glue Database Password Disclosure
Authored by Michael Werner | Site sec-consult.com
The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure
Authored by Clement Cruchet
An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code...
Visual Studio Code Execution
Authored by h00die | Site metasploit.com
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute...
Nginx 1.25.5 Host Header Validation
Authored by dhteam
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.
# Nginx =< 1.25.5 $host...
Ray OS 2.6.3 Command Injection
Authored by Fire_Wolf
The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell,...