Channel: Exploit Collector

Osprey Pump Controller 1.0.1 pseudonym Command Injection

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP...


Osprey Pump Controller 1.0.1 userName Command Injection

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP...


Osprey Pump Controller 1.0.1 eventFileSelected Command Injection

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the...


Osprey Pump Controller 1.0.1 Cross Site Scripting

Osprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability. SHA-256: c1bf05288bbed246cc644a8fdb368c0546ebbfbb0723ec8709bda8abbafeddfd


Osprey Pump Controller 1.0.1 Authentication Bypass

Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.


WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability. SHA-256: 06de2ef6e3f65a11f5f3b433ba90619493f56918211d5fd46b33311a0fbd2e57


Osprey Pump Controller 1.0.1 Cross Site Request Forgery

Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability. SHA-256: 3ff94000035eb0e3d7750af6a36a24cd3f59ddd0bf32adc49eed8270dae8c139


WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery

WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the process_form function.


Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution

Osprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit. SHA-256: e3aa8cf09a10153c22c1fea563f19e0486760740b752b12095b5ec99f655864f


Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in...


Real Estate CRM Pro 5.7 SQL Injection

Real Estate CRM Pro from IT Ways version 5.7 appears to suffer from a remote SQL injection vulnerability that can allow for authentication bypass.


Lucee Authenticated Scheduled Job Code Execution

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a...


NetBSD hfslib_reada_node_offset Overflow

NetBSD hfslib_reada_node_offset local overflow proof of concept exploit. SHA-256: aeffa7486397ae14dcb26b948fa13d566e647001d7c05e6c914781abe7d49588. Source: packetstormsecurity.com


Barracuda CloudGen WAN OS Command Injection

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS...


Purchase Order Management 1.0 SQL Injection

Purchase Order Management version 1.0 suffers from a remote SQL injection vulnerability. SHA-256: ffb44955bde18d06f61a43ace71d39f2ac737a3eb8396fe07643a49105c82640


Purchase Order Management 1.0 Cross Site Scripting

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.


Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions.


Agilebio Lab Collector 4.234 Remote Code Execution

Agilebio Lab Collector version 4.234 suffers from a remote code execution vulnerability. SHA-256: 0cdd96d926a004ab4557db563d2b0c1cbbbdb9f46cd1d8a8506ca7afdabd65a6


A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other...

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round...


OpenBSD 7.2 ip_srcroute() Overflow

OpenBSD version 7.2 suffers from an overflow vulnerability. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to a very large value, which will cause an overflow in the...


ZwiiCMS 12.2.04 Remote Code Execution

ZwiiCMS version 12.2.04 suffers from an authenticated remote code execution vulnerability. SHA-256: eb76d5e63d49a529d995356a055f296bd4746ac15c006561a9eaa8406810db0d


CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak...

CoreDial sipXcom sipXopenfire version 21.04 suffers from XMPP message system command argument injection and insecure service file permissions that, when chained together, give root.


Oracle 19c Access Bypass

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical...


Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication

Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities.


Purchase Order Management 1.0 Shell Upload

Purchase Order Management version 1.0 suffers from a remote shell upload vulnerability. Flow details to achieve this are shown in the video link provided.
