ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the...
pfSense 2.5.2 Cross Site Scripting
Authored by EQSTLab, physicszq | Site github.com
A cross site scripting vulnerability in pfSense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected...
Roundcube Webmail Cross Site Scripting
Authored by bartfroklage | Site github.com
Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7 allow cross site scripting via SVG animate attributes.
advisories | CVE-2024-37383
Grafana Remote Code Execution
Authored by z3k0sec | Site github.com
This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this...
Helakuru 1.1 DLL Hijacking
Authored by surajhacx | Site github.com
Helakuru version 1.1 suffers from a DLL hijacking vulnerability.
advisories | CVE-2024-48605
Vendure Arbitrary File Read / Denial Of Service
Authored by EQSTLab, Rajesh Sharma | Site github.com
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an...
Linux Dangling PFN Mapping / Use-After-Free
Authored by Jann Horn, Google Security Research, Seth Jenkins
An error path in usbdev_mmap() (where remap_pfn_range() fails midway through) frees pages before the PFN mapping pointing to those pages is...
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs...
IBM Security Verify Access 10.0.8 Open Redirection
Authored by Giulio Garzia
IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAuth-related open redirection vulnerability.
advisories | CVE-2024-35133
- IBM Security Verify Access >= 10.0.0...
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands...