header-logo
Suggest Exploit

Latest Exploits:

Explore All Exploits
by:
Devrim Dıragumandan (d0ub1edd)
vendor:
OS4Ed
Show More

openSIS 9.1 – SQL Injection (Authenticated)

A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.

6.1
CVSS
HIGH
SQL Injection
89
CWE
Product Name
Open Source Information System Community
Platforms Tested
Linux
Affected Version
From:
9.1
To:
45300
2024
by:
Ahmed Said Saud Al-Busaidi
vendor:
Vexorian
Show More

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

8.1
CVSS
CRITICAL
Remote Code Execution (RCE)
78
CWE
Product Name
dizqueTV
Platforms Tested
Linux
Affected Version
From:
1.5.2003
To:
1.5.2003
2024
by:
Caner Tercan
vendor:
reNgine
Show More

reNgine 2.2.0 – Command Injection (Authenticated)

The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

7.1
CVSS
HIGH
Command Injection
78
CWE
Product Name
reNgine
Platforms Tested
macOS
Affected Version
From:
2.2.2000
To:
2.2.2000
2024
by:
Alessio Romano (sfoffo)
vendor:
Enchanted Code
Show More

Stored Cross-Site Scripting (XSS) in NoteMark

The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.

6.1
CVSS
HIGH
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name
NoteMark
Platforms Tested
Linux
Affected Version
From:
0.13.0
To:
0.13.0 and below
2024
by:
Photubias
vendor:
Microsoft
Show More

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

The exploit targets Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189, allowing an attacker to cause denial-of-service. By corrupting the tcpip.sys memory per batch, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.

6.1
CVSS
HIGH
Denial-Of-Service
CWE
Product Name
Windows
Platforms Tested
Windows 11 23H2, Windows Server 2022
Affected Version
From:
Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189
To:
2024