Microsoft PlayReady Complete Client Identity Compromise
Authored by Adam Gowdiak | Site security-explorations.com
The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a...
RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access
Authored by Marco Ivaldi
RIOT versions 2024.01 and below suffer from multiple buffer overflows, ineffective size checks, and out-of-bounds memory access vulnerabilities.
advisories | CVE-2024-31225, CVE-2024-32017, CVE-2024-32018
Openmediavault Remote Code Execution / Local Privilege Escalation
Authored by Mert BENADAM
Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell....
Microsoft PlayReady Toolkit
Authored by Adam Gowdiak | Site security-explorations.com
The Microsoft PlayReady toolkit assists with fake client device identity generation, acquisition of license and content keys for encrypted content, and much more....
Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow
Authored by gabe_k
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in PspBuildCreateProcessContext that leads to a stack...
Online Tours And Travels Management System 1.0 SQL Injection
Authored by nu11secur1ty
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
## Titles: Travel-Manager-OTMSP-1.0 Multiple SQLi
## Author: nu11secur1ty
## Date: 05/01/2024
## Vendor: https://mayurik.com/
##...
Packet Storm New Exploits For April, 2024
Authored by Todd J. | Site packetstormsecurity.com
This archive contains all of the 132 exploits added to Packet Storm in April, 2024.
htmlLawed 1.2.5 Remote Command Execution
Authored by d4t4s3c
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
advisories | CVE-2022-35914
#!/bin/bash
# Exploit Title: htmlLawed <= 1.2.5 - Remote Code Execution
# Date: 2024-05-02
#...
SOPlanning 1.52.00 Cross Site Scripting
Authored by liquidsky
SOPlanning version 1.52.00 suffers from a cross site scripting vulnerability in groupe_save.php.
Exploit Title: SOPlanning v1.52.00 'groupe_save.php' XSS (Reflected XSS)
Application: SOPlanning
Version: 1.52.00
Date: 4/22/24
Exploit Author: Joseph McPeters...
SOPlanning 1.52.00 Cross Site Request Forgery
Authored by liquidsky
SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.
<!--
Exploit Title: SOPlanning v1.52.00 'xajax_server.php' CSRF (Account Takeover)
Application: SOPlanning
Version: 1.52.00
Date: 4/22/24
Exploit Author: Joseph...





