Jorani Remote Code Execution
Authored by RIOUX Guilhem | Site metasploit.com
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass...
Hyip Rio 2.1 Cross Site Scripting / File Upload
Authored by CraCkEr
Hyip Rio version 2.1 suffers from an arbitrary file upload vulnerability that can be leveraged to commit cross site scripting attacks.
advisories | CVE-2023-4382
# Exploit Title:...
AudioCodes VoIP Phones Insufficient Firmware Validation
Authored by Matthias Deeg, Moritz Abrell | Site syss.de
AudioCodes VoIP Phones with firmware versions greater than or equal to 3.4.4.1000 have been found to have validation of firmware images...
AudioCodes VoIP Phones Hardcoded Key
Authored by Moritz Abrell | Site syss.de
The AudioCodes VoIP phones store sensitive information, e.g. credentials and passwords, in encrypted form in their configuration files. These encrypted values can also...
Maltrail 0.53 Unauthenticated Command Injection
Authored by Ege Balci, Chris Wild | Site metasploit.com
Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54...
Greenshot 1.3.274 Deserialization / Command Execution
Authored by bwatters-r7, p4r4bellum | Site metasploit.com
There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens...
Chrome IPCZ FragmentDescriptors Missing Validation
Authored by Google Security Research, Mark Brand
Chrome IPCZ FragmentDescriptors are not validated, allowing for an out-of-bounds crash condition.
advisories | CVE-2023-3732
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read
Authored by Hank Leininger, Jim Becher | Site korelogic.com
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation
Authored by Jim Becher | Site korelogic.com
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands...
Erim Upload 4 Database Disclosure
Authored by indoushka
Erim Upload version 4 suffers from a database disclosure vulnerability.
# Title : Erim Upload V4 Database Disclosure Exploit ...