Victorian Machinery is a proof-of-concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewalls that support zero touch provisioning. Zyxel pushed…
>> AUTHOR: deepcore
Conti ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption….
A use-after-free issue exists in Chrome 100 and earlier versions. A malicious extension can achieve arbitrary code execution in the browser process.
IpMatcher versions 1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2 incorrectly validate octal and hexadecimal input data, which can lead to indeterminate server-side request forgery, local file…
This Metasploit module exploits CVE-2022-30525, an unauthenticated remote command injection vulnerability affecting Zyxel firewalls with zero touch provisioning (ZTP) support. By sending a malicious setWanPortSt command containing an mtu field…
Survey Sparrow Enterprise Survey Software 2022 – Stored Cross-Site Scripting (XSS)
T-Soft E-Commerce 4 – ‘UrunAdi’ Stored Cross-Site Scripting (XSS)
SDT-CW3B1 1.1.0 – OS Command Injection
T-Soft E-Commerce 4 – SQLi (Authenticated)
SolarView Compact 6.0 – OS Command Injection