Edu-Sharing Arbitrary File Upload
Authored by Kai Zimmermann | Site sec-consult.com
Edu-Sharing suffers from an arbitrary file upload vulnerability. Versions below 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 are affected.
advisories | CVE-2024-28147
SEC Consult Vulnerability Lab...
Netis MW5360 Remote Command Execution
Authored by h00die-gr3y, Adhikara13 | Site metasploit.com
The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling...
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
Authored by Daniel Hirschberger | Site sec-consult.com
Faronics WINSelect versions prior to 8.30.xx.903 suffer from having hardcoded credentials, storing unhashed passwords, and configuration file modification vulnerabilities.
advisories | CVE-2024-36495, CVE-2024-36496, CVE-2024-36497
Poultry Farm Management System 1.0 Shell Upload
Authored by Jerry Thomas
Poultry Farm Management System version 1.0 remote shell upload exploit. This is a variant of the original discovery of this flaw in this software version by...
Automad 2.0.0-alpha.4 Cross Site Scripting
Authored by Jerry Thomas
Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
# Date: 20-06-2024
# Exploit Author:...
SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw
Authored by Andrey Stoykov
SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.
# Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcms v1.9.0.6
# Date: 6/2024
# Exploit...
Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions
Authored by malvuln | Site malvuln.com
Backdoor.Win32.Plugx malware suffers from an insecure permissions vulnerability.
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt
Contact: [email protected]: x.com/malvuln ...
PowerVR Uninitialized Memory Disclosure
Authored by Jann Horn, Google Security Research
PowerVR suffers from an uninitialized memory disclosure and crash due to out-of-bounds reads in hwperf_host_%d stream.
PowerVR Out-Of-Bounds Write
Authored by Jann Horn, Google Security Research
PowerVR suffers from an out-of-bounds write of firmware addresses in PVRSRVRGXKickTA3DKM().
Apache OFBiz Forgot Password Directory Traversal
Authored by jheysel-r7, Mr-xn | Site metasploit.com
Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal vulnerability. The vulnerable endpoint /webtools/control/forgotPassword allows an attacker to access the...





