2021
09.28
09.28
Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.
This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.
Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.
Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.
Zero day exploit for Nehelper Wifi Info on iOS 15.0. XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. possessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.
Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2)
WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – ‘Add Admin’ Cross-Site Request Forgery (CSRF)
WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)
WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS)
WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – Hidden Backdoor Account (Write Access)