The SAPGateBreaker exploit leverages CVE-2022-22536 to perform HTTP Request Smuggling on SAP NetWeaver Application Server. This exploit allows for ACL bypass and internal access through a Content-Length-based technique.
An SSRF vulnerability in IBM Navigator for i allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or other attacks. The vulnerability exploits an HTTP servlet-generated security token bypass (CVE-2024-51464), allowing attackers to abuse the 'testConnectPort' servlet method to connect to any IP and port outside of the LAN, bypassing firewall rules and potentially connecting to attacker-controlled infrastructure.
IBM Navigator for i is vulnerable to a security token bypass issue (CVE-2024-51464). By manipulating the last eight digits of the security token ID, an authenticated attacker can craft a specially designed request to bypass the Navigator for i interface restrictions. This allows the attacker to perform unauthorized operations remotely, exploiting the integrity check mechanism of the web application.
A vulnerability was found in ASUS ASMB8 iKVM Firmware version 1.14.51 and potentially in other versions. By leveraging SNMP arbitrary extensions, an attacker can execute commands on the system with root privileges and bypass SSH restrictions to introduce a new user.
Due to improper handling of user-controlled configuration file parameters, an authenticated attacker can inject and run OS commands on the Ewon Cosy+ VPN gateway.
The Microsoft library-ms file format was found to have an NTLM hash disclosure vulnerability, where sensitive information could be exposed. Initially considered not severe by MSRC in 2018, it was later acknowledged by Microsoft and assigned CVE-2025-24054 in 2025. This vulnerability allows remote attackers to access sensitive information.
Windows Defender fails to detect and prevent execution of TrojanWin32Powessere.G when leveraging rundll32.exe, leading to an 'Access is denied' error. The bypass was first disclosed in 2022 by passing an extra path traversal with mshtml, which was later mitigated. Subsequently, on Feb 7, 2024, using multiple commas as part of the path allowed bypassing the mitigation until it was fixed. Another trivial bypass was discovered soon after.
The exploit allows injection of arbitrary code into a client's game through a crafted payload. The code author holds no liability for any damages caused by the usage of this exploit. By exploiting this vulnerability, an attacker can execute remote code on the target system.
This exploit leverages a broken access control vulnerability in Atlassian Confluence servers, enabling an attacker to bypass authentication. By sending a specially crafted request, an unauthorized admin account can be created on the targeted Atlassian server.
The Hitachi NAS (HNAS) System Management Unit (SMU) before version 14.8.7825.01 is vulnerable to an Insecure Direct Object Reference (IDOR) issue. An attacker can exploit this vulnerability to download arbitrary files from the server. This vulnerability has been assigned CVE-2023-5808.