WordPress BeTheme 26.5.1.4 PHP Object Injection
Authored by Julien Ahrens | Site rcesecurity.com
WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.
advisories | CVE-2022-3861
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION Product:...
ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service
Authored by George Tsimpidas
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 remote stack buffer overflow exploit that causes a denial of service condition.
# Exploit Title: Router ZTE-H108NS -...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
Authored by Steffen Robertz | Site sec-consult.com
Simmeth System GmbH Supplier Manager (Lieferantenmanager) versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL...
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection
Authored by Daniel Hirschberger | Site sec-consult.com
BMC Remedy ITSM-Suite version 9.1.10 (20.02 in new versioning scheme) suffers from an HTML injection vulnerability.
advisories | CVE-2022-26088
SEC Consult Vulnerability Lab...
Payara Platform Path Traversal
Authored by Michael Baer | Site sec-consult.com
Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are...
Internet Download Manager 6.41 Build 3 Man-In-The-Middle
Authored by M. Akil Gundogan
Internet Download Manager version 6.41 Build 3 suffers from a man-in-the-middle vulnerability that can enable an attacker to execute code on the victim's system.
Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential
Authored by malvuln | Site malvuln.com
Backdoor.Win32.Quux malware suffers from a weak hardcoded credential vulnerability that can allow an attacker to achieve remote code execution.
Discovery / credits: Malvuln...
Revenue Collection System 1.0 SQL Injection / Remote Code Execution
Authored by Joe Pollock
Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk....
Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass
Authored by Joe Pollock
Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the...
Gitea Git Fetch Remote Code Execution
Authored by krastanoel, wuhan005, li4n0 | Site metasploit.com
This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the...





