Linux USB Use-After-Free
Authored by Jann Horn, Google Security Research
Linux USB usbnet tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.
Apache Tomcat Privilege Escalation
Authored by h00die, Dawid Golunski | Site metasploit.com
This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions...
Oracle DB Broken PDB Isolation / Metadata Exposure
Authored by Emad Al-Mousa
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different...
WordPress Profile Builder 3.9.0 Missing Authorization
Authored by Lana Codes | Site wordfence.com
WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppb_toolbox_usermeta_handler().
advisories | CVE-2023-0814
Description: Profile Builder –...
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
Authored by jheysel-r7, Zach Hanley, Gwendal Guegniaud | Site metasploit.com
This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes...
Webpower UPS 5.53 Denial Of Service
Authored by Yehia Elghaly
Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.
# Exploit Title: Webpower UPS v5.53 HTTP Denial of Service
# Date: 2023-03-09
# Exploit...
Real Time Automation 460MCBS 5.2.14 Cross Site Scripting
Authored by Yehia Elghaly
Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting (XSS)
Date: 2023-03-09
Exploit...
SugarCRM 12.x Remote Code Execution / Shell Upload
Authored by sw33t.0day | Site metasploit.com
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and...
Shopify Cross Site Scripting
Authored by Andrey Stoykov
Shopify suffers from a cross site scripting vulnerability.
Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
Authored by Steffen Robertz | Site sec-consult.com
Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities.
advisories | CVE-2023-27571, CVE-2023-27572
SEC Consult Vulnerability Lab...