Grav CMS 1.7.44 Server-Side Template Injection
Authored by geniuszlyy | Site github.com
GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below....
PHP-Nuke Top Module SQL Injection
Authored by Emiliano Febbi
The Top module for PHP-Nuke versions 6.x and below 7.6 suffers from a remote SQL injection vulnerability.
# Exploit Title: PHP-Nuke ( SQL injection Top...
ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 suffers from an arbitrary file deletion vulnerability. Input passed to the file parameter in calendarFileDelete.php is not properly sanitized...
dav1d Integer Overflow / Out-Of-Bounds Write
Authored by Google Security Research, Nick Galloway
There is an integer overflow in dav1d when decoding an AV1 video with large width/height. The integer overflow may result in an out-of-bounds...
Android GKI Kernels Use-After-Free
Authored by Jann Horn, Google Security Research
Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.
advisories | CVE-2023-20937
A central recurring...
Palo Alto Networks GlobalProtect Local Privilege Escalation
Authored by Johannes Greil, Michael Baer | Site sec-consult.com
Palo Alto Networks GlobalProtect versions 5.1.x, 5.2.x, 6.0.x, 6.1.x, 6.3.x and versions less than 6.2.5 suffer from a local privilege escalation...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary...
ABB Cylon Aspect 3.07.02 Authenticated File Disclosure
Authored by LiquidWorm | Site zeroscience.mk
ABB Cylon Aspect version 3.07.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the downloadDb.php script...
ManageEngine ADManager 7183 Password Hash Disclosure
Authored by indoushka
ManageEngine ADManager version 7183 suffers from a password hash disclosure vulnerability.
# Title : ManageEngine ADManager 7183 Password Hash Disclosure Vulnerability...
Transport Management System 1.0 Code Injection
Authored by indoushka
Transport Management System version 1.0 suffers from a PHP code injection vulnerability.
# Title : Transport Management System 1.0 php code...