Exploits & CVE's

Authored by hyp3rlinx | Site hyp3rlinx.altervista.org This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by...

Authored by Peter Gabaldon | Site pgj11.com LaborOfficeFree installs a MySQL instance that runs as SYSTEM and calculates the MySQL root password based on two constants. Each time the program...

Authored by parsa rezaie khiabanloo Splunk version 9.0.4 suffers from an information disclosure vulnerability. Change Mirror Download # Exploit Title: Splunk 9.0.4 - Information Disclosure# Date: 2023-09-18# Exploit Author: Parsa rezaie khiabanloo#...

Authored by Metin Yunus Kandemir ManageEngine ADManager Plus versions prior to build 7183 suffers from a recovery password disclosure vulnerability. advisories | CVE-2023-31492 Change Mirror Download # Exploit Title: ManageEngine ADManager Plus Build...

Authored by nu11secur1ty XoopsCore25 version 2.5.11 suffers from a cross site scripting vulnerability. Change Mirror Download ## Title: XoopsCore25-2.5.11-XSS-Reflected## Author: nu11secur1ty## Date: 02/12/2024## Vendor: https://xoops.org/## Software: https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.11## Reference: https://portswigger.net/kb/issues/00200300_cross-site-scripting-reflected## Description:The value of...

Authored by Google Security Research, Seth Jenkins The MediaTek WLAN driver has VFS read handlers that do not check buffer size leading to userland memory corruption.

Authored by DEFCESCO KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue...

Authored by DEFCESCO KiTTY versions 0.76.1.13 and below suffer from buffer overflows related to ANSI escape sequences. Two exploits are included as proof of concepts as well as a full...

Authored by Marco Ivaldi Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions...

Authored by Milad Karimi WordPress Seotheme plugin suffers from a remote shell upload vulnerability. It is unclear which versions are affected. Change Mirror Download # Exploit Title: Wordpress Seotheme - Remote Code...