CXSECURITY Database RSS Feed - CXSecurity.com

Linux 6.6 Race Condition

Jann Horn — Mon, 25 Nov 2024 22:05:28 +0000

Topic: Linux 6.6 Race Condition Risk: Medium Text:Summary I found a security-relevant race between mremap() and THP code. Reaching the buggy code typically requires the abili...

fronsetia 1.1 XML Injection

Andrey Stoykov — Mon, 25 Nov 2024 22:05:14 +0000

Topic: fronsetia 1.1 XML Injection Risk: Medium Text:# Exploit Title: XXE OOB - fronsetiav1.1 # Date: 11/2024 # Exploit Author: Andrey Stoykov # Version: 1.1 # Tested on: Debia...

fronsetia 1.1 Cross Site Scripting

Andrey Stoykov — Mon, 25 Nov 2024 22:04:53 +0000

Topic: fronsetia 1.1 Cross Site Scripting Risk: Low Text:# Exploit Title: Reflected XSS - fronsetiav1.1 # Date: 11/2024 # Exploit Author: Andrey Stoykov # Version: 1.1 # Tested on:...

Kyptronix LLP - Sql Injection

behrouz mansoori — Mon, 25 Nov 2024 22:04:42 +0000

Topic: Kyptronix LLP - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Kyptronix LLP - Sql Injection #Date: 2024-11-22 #E...

Kyptronix LLP - Blind Sql Injection Vulnerability

behrouz mansoori — Mon, 25 Nov 2024 22:04:20 +0000

Topic: Kyptronix LLP - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Kyptronix LLP - Blind Sql Injection Vulnerability #...

Korenix JetPort 5601 1.2 Path Traversal

Hierzer — Mon, 25 Nov 2024 22:03:57 +0000

Topic: Korenix JetPort 5601 1.2 Path Traversal Risk: Medium Text:St. Plten UAS 20241118-1 - title| Path Traversal product| Korenix Je...

Apple Web Content Filter Bypass

Nosebeard — Mon, 25 Nov 2024 22:03:34 +0000

Topic: Apple Web Content Filter Bypass Risk: Low Text:Dear colleagues, Nosebeard Labs is pleased to share its latest advisory, detailing a bypass of Apple's system wide web con...

Microsoft Windows Defender TrojanWin32Powessere.G / Detection Mitigation Bypass

hyp3rlinx — Mon, 18 Nov 2024 16:25:19 +0000

Topic: Microsoft Windows Defender TrojanWin32Powessere.G / Detection Mitigation Bypass Risk: High Text:Another trivial Windows Defender TrojanWin32Powessere.G Detection Mitigation Bypass C:Usersgg>rundll32.exe javascript:"..m...

© 2024 Human Resource Management-1.0-HRM-1.0 Cross-site scripting (reflected)

nu11secur1ty — Mon, 18 Nov 2024 16:25:05 +0000

Topic: © 2024 Human Resource Management-1.0-HRM-1.0 Cross-site scripting (reflected) Risk: Low Text:## Titles: © 2024 Human Resource Management-1.0-HRM-1.0 Cross-site scripting (reflected) ## Author: nu11secur1ty ## Date: 1...

Blue sun info - Blind Sql Injection Vulnerability

behrouz mansoori — Mon, 18 Nov 2024 16:24:34 +0000

Topic: Blue sun info - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Blue sun info - Blind Sql Injection Vulnerability #...

Pyload Remote Code Execution

Spencer McIntyre — Mon, 18 Nov 2024 16:23:55 +0000

Topic: Pyload Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery

parsa rezaie khiabanloo — Sun, 17 Nov 2024 21:31:18 +0000

Topic: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Risk: Low Text:# Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery ( CSRF ) # Dork: intitle:"Heatmiser Wifi Thermosta...

Calibre-web 0.6.21 Stored XSS

Pentest-Tools — Sun, 17 Nov 2024 21:30:50 +0000

Topic: Calibre-web 0.6.21 Stored XSS Risk: Low Text:# Exploit Title: Stored XSS in Calibre-web # Date: 07/05/2024 # Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandr...

SOPlanning 1.52.01 (Simple Online Planning Tool) Remote Code Execution (RCE) (Authenticated)

Ardayfio Samuel Nii Aryee — Sun, 17 Nov 2024 21:30:26 +0000

Topic: SOPlanning 1.52.01 (Simple Online Planning Tool) Remote Code Execution (RCE) (Authenticated) Risk: High Text:# Exploit Title: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) # Date: 6th Oc...

Proteus Home P1B - Default Password and Broken Access Control

parsa rezaie khiabanloo — Sun, 17 Nov 2024 21:30:04 +0000

Topic: Proteus Home P1B - Default Password and Broken Access Control Risk: Medium Text:# Exploit Title: Proteus Home P1B - Default Password and Broken Access Control # Date: 11/15/2024 # Exploit Author: parsa rez...

EXPLOIT FINDER WordPress User Enumeration

E1.Coders — Sun, 17 Nov 2024 21:29:53 +0000

Topic: EXPLOIT FINDER WordPress User Enumeration Risk: Low Text:With this code, you can search Google and isolate the sites that have this security issue and test which ones have the WP JSON/...

Proteus Home P1B - Default Password and Broken Access Control

parsa rezaie khiabanloo — Sun, 17 Nov 2024 21:29:36 +0000

OmenTec Proteus Home P1B - Default Password and Broken Access Control

parsa rezaie khiabanloo — Sun, 17 Nov 2024 21:28:39 +0000

Topic: OmenTec Proteus Home P1B - Default Password and Broken Access Control Risk: Medium Text:# Exploit Title: OmenTec Proteus Home P1B - Default Password and Broken Access Control # Date: 11/15/2024 # Exploit Author: p...

© 2024 Human Resource Management-1.0-HRM-1.0 Multiple-SQLi

nu11secur1ty — Thu, 14 Nov 2024 21:41:59 +0000

Topic: © 2024 Human Resource Management-1.0-HRM-1.0 Multiple-SQLi Risk: High Text:## Titles: © 2024 Human Resource Management-1.0-HRM-1.0 Multiple-SQLi ## Author: nu11secur1ty ## Date: 11/13/2024 ## Vendo...

TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write

Filip Palian — Thu, 14 Nov 2024 21:41:37 +0000

Topic: TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write Risk: Medium Text:Hej, Let's keep it short ... == Intro == A "sudo make me a sandwich" security issue has been identified in...

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

Andreas Kolbeck — Thu, 14 Nov 2024 21:41:06 +0000

Topic: Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20241112-0 > == title: Multiple vulner...

TestRail CLI FieldsParser eval Injection

Devin — Tue, 12 Nov 2024 22:37:42 +0000

Topic: TestRail CLI FieldsParser eval Injection Risk: Medium Text:This is not a very exciting vulnerability, but I had already publicly disclosed it on GitHub at the request of the vendor. Sin...

Positive E Solutions Inc - Sql Injection

behrouz mansoori — Tue, 12 Nov 2024 22:36:58 +0000

Topic: Positive E Solutions Inc - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Positive E Solutions Inc - Sql Injection #Date: 202...

Positive E Solutions Inc - Blind Sql Injection Vulnerability

behrouz mansoori — Tue, 12 Nov 2024 22:36:45 +0000

Topic: Positive E Solutions Inc - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Positive E Solutions Inc - Blind Sql Injection Vulne...

Online Complete - Sql Injection

behrouz mansoori — Tue, 12 Nov 2024 22:36:05 +0000

Topic: Online Complete - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Online Complete - Sql Injection #Date: 2024-11-12 ...

POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - File Upload Vulnerability exploit

nu11secur1ty — Mon, 11 Nov 2024 05:11:33 +0000

Topic: POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - File Upload Vulnerability exploit Risk: High Text:## Titles: POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - File Upload Vulnerability exploit ## Autho...

POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - SQLi Bypass Authentication

nu11secur1ty — Mon, 11 Nov 2024 05:10:59 +0000

Topic: POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - SQLi Bypass Authentication Risk: Medium Text:## Titles: POMS-PHP (by: oretnom23 ) v1.0, Copyright © 2024. All rights reserved - SQLi Bypass Authentication ## Author: nu1...

WebSenor InfoTech - Blind Sql Injection Vulnerability

behrouz mansoori — Mon, 11 Nov 2024 05:10:44 +0000

Topic: WebSenor InfoTech - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: WebSenor InfoTech - Blind Sql Injection Vulnerabilit...

BALC Media - Sql Injection

behrouz mansoori — Mon, 11 Nov 2024 05:09:37 +0000

Topic: BALC Media - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: BALC Media - Sql Injection #Date: 2024-11-08 #Expl...

WebSenor InfoTech Sql Injection

behrouz mansoori — Wed, 06 Nov 2024 22:21:38 +0000

Topic: WebSenor InfoTech Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: WebSenor InfoTech Sql Injection #Date: 2024-11-04 ...

Vibgyor Media Info Solutions - Blind Sql Injection Vulnerability

behrouz mansoori — Wed, 06 Nov 2024 22:21:14 +0000

Topic: Vibgyor Media Info Solutions - Blind Sql Injection Vulnerability Risk: Medium Text:********************************************************* #Exploit Title: Vibgyor Media Info Solutions - Blind Sql Injection V...

Vibgyor Media Info Solutions Sql Injection

behrouz mansoori — Wed, 06 Nov 2024 22:20:53 +0000

Topic: Vibgyor Media Info Solutions Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Vibgyor Media Info Solutions Sql Injection #Date: 2...

IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

Pierre Kim — Wed, 06 Nov 2024 22:20:35 +0000

Topic: IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords Risk: Low Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA512 ## Advisory Information Title: 4 vulnerabilities in ibmsecurity Advisory UR...

ESET NOD32 Antivirus 18.0.12.0 Unquoted Service Path

Milad Karimi — Wed, 06 Nov 2024 22:20:14 +0000

Topic: ESET NOD32 Antivirus 18.0.12.0 Unquoted Service Path Risk: Medium Text:# Exploit Title: ESET NOD32 Antivirus 18.0.12.0 - "ESET Service" Unquoted Service Path # Exploit Author: Milad Karimi (Ex3pti...

SQLite3 generate_series Stack Buffer Underflow

Google Security Research — Wed, 06 Nov 2024 22:19:59 +0000

Topic: SQLite3 generate_series Stack Buffer Underflow Risk: High Text:Vulnerability details static int seriesBestIndex( sqlite3_vtab *pVTab, sqlite3_index_info *pIdxInfo ){ int i, j; ...

ABB Cylon Aspect 3.08.00 Off-By-One

LiquidWorm — Wed, 06 Nov 2024 22:18:41 +0000

Topic: ABB Cylon Aspect 3.08.00 Off-By-One Risk: Low Text:ABB Cylon Aspect 3.08.00 (log(Mix/Yum)Lookup.php) Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: http...

Qualitor 8.24 Server-Side Request Forgery

OpenXP Research Team — Sat, 02 Nov 2024 22:50:14 +0000

Topic: Qualitor 8.24 Server-Side Request Forgery Risk: Low Text:# CVE-2024-48360 | Qualitor < = v8.24 Unauthenticated SSRF ## Description Qualitor is a platform for business process mana...

Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow

Enrico Weigelt — Sat, 02 Nov 2024 22:49:42 +0000

Topic: Xlibre Xnest 24.1.0 / 24.2.0 Buffer Overflow Risk: High Text:XLibre project security advisory As Xlibre Xnest is based on Xorg, it is affected by some security issues whic...

SmartAgent 1.1.0 Remote Code Execution

Alter Prime — Sat, 02 Nov 2024 22:49:23 +0000

Topic: SmartAgent 1.1.0 Remote Code Execution Risk: High Text:# Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution # Date: 01-10-2024 # Exploit Author: Alter Prime ...

SmartAgent 1.1.0 Server-Side Request Forgery

Alter Prime — Sat, 02 Nov 2024 22:49:10 +0000

Topic: SmartAgent 1.1.0 Server-Side Request Forgery Risk: Low Text:# Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF) # Date: 01-10-2024 # Exploit Author: Alter Prime # V...