Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Tenant Limited 1.0 SQL Injection

Authored by nu11secur1ty

Tenant Limited version 1.0 suffers from a remote SQL injection vulnerability.

## Titles: TENANT-LIMITED-1.0 SQLi
## Author: nu11secur1ty
## Date: 05/20/2024
## Vendor: https://mayurik.com/
## Software: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html
## Reference: https://portswigger.net/web-security/sql-injection
## Description:
The username...

Arm Mali r45p0 Broken State Use-After-Free

Authored by Jann Horn, Google Security Research

Arm Mali versions since r45p0 suffer from a broken KBASE_USER_BUF_STATE_* state machine for userspace mappings that can lead to a use-after-free condition.

advisories |...

PowerVR _UnrefAndMaybeDestroy() Use-After-Free

Authored by Jann Horn, Google Security Research

PowerVR suffers from a use-after-free vulnerability in _UnrefAndMaybeDestroy().

advisories | CVE-2024-34724

PowerVR DevmemIntChangeSparse2() Dangling Page Table Entry

Authored by Jann Horn, Google Security Research

PowerVR suffers from a wrong order of operations in DevmemIntChangeSparse2() that leads to a temporarily dangling page table entry.

advisories | CVE-2024-31335

Backdrop CMS 1.27.1 Remote Command Execution

Authored by Ahmet Umit Bayram

Backdrop CMS version 1.27.1 suffers from a remote command execution vulnerability.

# Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
# Date: 04/27/2024
#...

Apache OFBiz 18.12.12 Directory Traversal

Authored by Abdualhadi Khalifa

Apache OFBiz versions 18.12.12 and below suffer from a directory traversal vulnerability.

# Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal
# Google Dork: N/A
# Date:...

WordPress XStore Theme 9.3.8 SQL Injection

Authored by Abdualhadi Khalifa

WordPress XStore theme version 9.3.8 suffers from a remote SQL injection vulnerability.

advisories | CVE-2024-33559

# Exploit Title: Wordpress Theme XStore 9.3.8 - SQLi
# Google Dork:...

Zope 5.9 Command Injection

Authored by Ilyase Dehy, Aymane MAZGUITI

Zope version 5.9 suffers from a command injection vulnerability in /utilities/mkwsgiinstance.py.

advisories | CVE-2024-33828

# Vulnerability Report
## Title: Command Argument Injection Vulnerability in Zope...

SAP Cloud Connector 2.16.1 Missing Validation

Authored by Mingshuo Li, Fabian Hagg | Site sec-consult.com

SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.

advisories |...

Cacti 1.2.26 Remote Code Execution

Authored by EgiX | Site karmainsecurity.com

Cacti versions 1.2.26 and below suffer from a remote code execution vulnerability in import.php.

advisories | CVE-2024-25641

----------------------------------------------------------------
Cacti <= 1.2.26 (import.php) Remote Code...