Linux KVM Instruction Emulation Issue
Authored by Jann Horn, Google Security Research
KVM instruction emulation can run while KVM_VCPU_PREEMPTED is set, which can lead other vcpus to skip sending TLB flush IPIs. As a consequence,...
WordPress Core Cross Site Scripting / SQL Injection
Authored by Khalilov Moe, FVD, John Blackbourn | Site wordfence.com
The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities.
Change Mirror Download
Description: SQL Injection via...
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection
Authored by Mohamed Ali Hammami
PrestaShop Ap Pagebuilder module versions 2.4.4 and below suffer from a remote SQL injection vulnerability.
advisories | CVE-2022-22897
Change Mirror Download
# Exploit Title: AP PAGEBUILDER Prestashop...
Zimbra Zip Path Traversal
Authored by Ron Bowes, Volexity Threat Research, Yang_99s Nest | Site metasploit.com
This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration...
Arm Mali CSF VMA Split Mishandling
Authored by Jann Horn, Google Security Research
In the Arm Mali driver's handling of CSF user I/O mappings, VMA splitting is handled incorrectly, leading to a page being given back...
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution
Authored by Spencer McIntyre, Markus Wulftange, zcgonvh, Grant Willcox, testanull, PeterJson, Microsoft Threat Intelligence Center, Microsoft Security Response Center, pwnforsp | Site metasploit.com
This Metasploit module exploits vulnerabilities within the...
10-Strike Network Inventory Explorer 9.3 Buffer Overflow
Authored by Ricardo Jose Ruiz Fernandez
10-Strike Network Inventory Explorer versions 9.3 and below are vulnerable to a SEH based buffer overflow which leads to code execution or local privilege...
Teleport 9.3.6 Command Injection
Authored by Brian Landrum, Brandon Roach
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious ssh agent installation link by URL...
Personnel Property Equipment 2015-2022 SQL Injection
Authored by nu11secur1ty
Personnel Property Equipment 2015-2022 suffers from a remote SQL injection vulnerability.
Change Mirror Download
## Title: Personnel Property Equipment-2015-2022 SQLi,Unauthenticated-File-Upload## Author: nu11secur1ty## Date: 08.22.2022## Vendor Homepage: https://www.trickcode.in/## Video vendor:...
AppleAVD AVC_RBSP::parseSliceHeader ref_pic_list_modification Overflow
Authored by Google Security Research, natashenka
There is a buffer overflow in how AppleAVD.kext parses the ref_pic_list_modification component of H264 slice headers in AVC_RBSP::parseSliceHeader. When pic modification entries are copied...





