Exploits & CVE's

Authored by Kai Zimmermann | Site sec-consult.com Edu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected. advisories | CVE-2024-28147 Change Mirror Download SEC Consult Vulnerability Lab...

Authored by h00die-gr3y, Adhikara13 | Site metasploit.com The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling...

Authored by Daniel Hirschberger | Site sec-consult.com Faronics WINSelect versions prior to 8.30.xx.903 suffer from having hardcoded credentials, storing unhashed passwords, and configuration file modification vulnerabilities. advisories | CVE-2024-36495, CVE-2024-36496, CVE-2024-36497 Change...

Authored by Jerry Thomas Poultry Farm Management System version 1.0 remote shell upload exploit. This is a variant of the original discovery of this flaw in this software version by...

Authored by Jerry Thomas Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability. Change Mirror Download # Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)# Date: 20-06-2024# Exploit Author:...

Authored by Andrey Stoykov SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws. Change Mirror Download # Exploit Title: Business Logic Flaw and Username Enumeration inspa-cartcmsv1.9.0.6# Date: 6/2024# Exploit...

Authored by malvuln | Site malvuln.com Backdoor.Win32.Plugx malware suffers from an insecure permissions vulnerability. Change Mirror Download Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txtContact: [email protected]: x.com/malvuln ...

Authored by Jann Horn, Google Security Research PowerVR suffers from an uninitialized memory disclosure and crash due to out-of-bounds reads in hwperf_host_%d stream.

Authored by Jann Horn, Google Security Research PowerVR suffers from an out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM().

Authored by jheysel-r7, Mr-xn | Site metasploit.com Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the...