Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named “cmd.dll” under C:WINDOWS which listens on both TCP ports 2003 and 2004. By sending consecutive…
>> AUTHOR: deepcore
PaperStream IP (TWAIN) version 1.42.0.5685 suffers from a local privilege escalation vulnerability.
Gitea version 1.7.5 suffers from a remote code execution vulnerability.
H2 Database version 1.4.199 JNI code execution exploit. This exploit utilizes the Java Native Interface to load a a Java class without needing to use the Java Compiler.
Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability.
Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.
Life Insurance Management System 1.0 – Multiple Stored XSS
Online Doctor Appointment System 1.0 – Multiple Stored XSS
Cockpit Version 234 – Server-Side Request Forgery (Unauthenticated)
Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit)