Kirby CMS version 3.5.3.1 suffers from a cross site scripting vulnerability.
6df556d967d4440fd3638967713eded85af7415cf01753ccabeda76f5d9fa161
Trojan-Dropper.Win32.Injector.aobl malware suffers from an insecure permissions vulnerability.
800e7ece2ffebba147e3acb7a97f4598aedec2b1c3ab7ca5a0670c4b24acbd71
Trojan-Dropper.Win32.Dycler.vrp malware suffers from an insecure permissions vulnerability.
e23ff9eb541ce52b96443c82874a027faf052548df6f0e76014edf8fbc27f927
Kimai version 1.14 suffers from a CSV injection vulnerability.
afb42232708cf7c479a931df88973a1686f1c2e59c5995bf6636cc24c9b50abf
This Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the /casa/private/config/slice/ha/certificate endpoint. Code execution occurs as the "admin" Unix user.
8fb3fd3d2660db09b165a788ebbd4aab98bfde09593d01e190121efb5d69716d
WordPress WPGraphQL plugin version 1.3.5 suffers from a denial of service vulnerability.
fd8100cf3908043374f8ea4c72265eeed0145c4053e6b5d3a90a8ffba4670edd
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript code-execution feature and executes the supplied code all at once, allowing for code execution on the server with the privileges of the Druid Server process. More critically, authentication is not enabled in Apache Druid by default.
b298c899e38be69b54163c4da54bb4be979f3abb34cca3c04ac527f6a5c92905
Monitorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.
5e6dcee09ca3a6208dca09fa733156105f960720d70334ae602f8f337f70aaa0
Hasura GraphQL version 1.3.3 remote code execution exploit.
fd1bd472d72681b6bea0f117f6be6354dd7d97665b44e8f65f4f6a6b4af05267
OpenPLC version 3 authenticated remote code execution exploit.
65b0210385b608740a93271d55b93113eacb1472f424450c8a33864212b6c54d
SEO Panel version 4.8.0 remote blind SQL injection exploit. Original discovery in this version is attributed to Piyush Patil in February of 2021.
1484a300db9ca4769e7f8862d2b2c8deb6c8fe61ea69d300b5d0d81c9690ea4a
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters version 22.30.0 suffer from a privilege escalation vulnerability.
32a3533c7499f0b1656df4f46d4c4091cf67f7d914aa53d3ffec372e45979b20
Worm.Win32.Busan.k malware suffers from an insecure transit vulnerability.
e69f213893c264746d1b1bde4cd255d1442b5c6ca56cbc76a86e46788c6af3ed
The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
7af65ecb81ce4b4c1a3d5b2e77c78c1b93a601f5b442985ac77bb97f00dc5731
Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.
3a637df610f4399d796b60fd154117f140f2a37f20b84a0e7e662794af91313a
DzzOffice version 2.02.1 suffers from a cross site scripting vulnerability.
a88898d34a0dd38bd0a624051e9d6708e30ca923f0b025646fcc6f58fb4ea499
Document Management System version 1.0 remote SQL injection exploit that deploys a web shell.
e8d80953b2ef01723266a3371f3a2c5a42156162d5474910c8ea7602487dd2d5
GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556c
Moodle version 3.10.3 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to Vincent666 ibn Winnie in March of 2021.
1fcd1fa3ec121b2c10c68e0cb6e78bbc8b44e1d20dc9503759b2beb14529f62f
BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.
499c18c38e8687b39167ce9265f6c4cdf83a764a4642327eea6fa7a0feb38768
Packed.Win32.Black.d malware has an unauthenticated open proxy vulnerability.
b18b3ad5d47b356d0d074396d3e78619015d4e8d6d35c24f92a64f3e00c8a7c2
OTRS version 6.0.1 remote command execution exploit.
9d111d76bea3e1afbf0a3f7944a2ab12828a882b5a33a64bd3c3773ab6853e44
Backdoor.Win32.DarkKomet.artr malware suffers from an insecure permissions vulnerability.
6f97ec5a51f653a05bb81959971a0ad88089ac05e1df22f9ab1015828b1d15be
Trojan-Dropper.Win32.Agent.xtp malware suffers from an insecure permissions vulnerability.
9aaf127156348dafcff76eb15d956c0680a835016e5b90fa5d40e53d8177432d
RemoteClinic version 2.0 suffers from multiple persistent cross site scripting vulnerabilities.
b00dedb467ec2c26a898adc3fac196e892a358994af6fa922e3582ef27134ac6