WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross-site scripting vulnerability.
>> AUTHOR: deepcore
GitLab 14.9 – Authentication Bypass
GitLab 14.9 – Stored Cross-Site Scripting (XSS)
Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.
The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through…
This Metasploit module exploits a vulnerability in the Linux Kernel’s watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the…
This Metasploit module exploits the “custom script” feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module,…
Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution. Jenkins versions below 2.138 are affected.