nu11secur1ty

118 exploits | Active since Dec 2015
EIP-2026-104452 EXPLOITDB text WORKING POC
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
EIP-2026-104320 EXPLOITDB text WORKING POC
ManageEngine AMP 4.3.0 - File-path-traversal
CVE-2021-26929 EXPLOITDB MEDIUM python WORKING POC
Horde Groupware Webmail < 5.2.22 - Cross-Site Scripting via Text2html.php PreProcess
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
CVSS 6.1
CVE-2023-28285 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps - Remote Code Execution via Use-After-Free
Microsoft Office Remote Code Execution Vulnerability
CVSS 7.8
CVE-2021-3318 EXPLOITDB MEDIUM python WORKING POC
dzzoffice < 2.02.1 - Cross-Site Scripting via editorid Parameter
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVSS 6.1
EIP-2026-104213 EXPLOITDB text WRITEUP
craftercms 4.x.x - CORS
CVE-2023-28311 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps and Office - Remote Code Execution via Heap-based Buffer Overflow
Microsoft Word Remote Code Execution Vulnerability
CVSS 7.8
CVE-2023-33131 EXPLOITDB HIGH text WORKING POC
Microsoft Outlook - Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
CVSS 8.8
EIP-2026-103985 EXPLOITDB text WORKING POC
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
CVE-2023-33148 EXPLOITDB HIGH text WORKING POC
Microsoft Office - Privilege Escalation
Microsoft Office Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2023-23399 EXPLOITDB HIGH text WORKING POC
Microsoft Excel - Remote Code Execution via Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8
CVE-2023-33137 EXPLOITDB HIGH text WORKING POC
Microsoft Office - Remote Code Execution via Double Free
Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8
CVE-2023-33145 EXPLOITDB MEDIUM text WORKING POC
Microsoft Edge Chromium < 114.0.1823.51 - Information Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS 6.5
CVE-2021-3156 EXPLOITDB HIGH c WORKING POC
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS 7.8
CVE-2023-24892 EXPLOITDB HIGH text WRITEUP
Microsoft Edge Chromium < 111.0.1661.41 - Authentication Bypass by Spoofing via Webview2
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVSS 8.2
CVE-2023-1998 EXPLOITDB MEDIUM text WORKING POC
Linux Kernel < 6.3 - Microarchitectural Resource Sharing via IBRS STIBP Bypass
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
CVSS 5.6
CVE-2022-37706 EXPLOITDB HIGH text WORKING POC
Ubuntu Enlightenment Mount Priv Esc
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVSS 7.8
CVE-2020-2555 EXPLOITDB CRITICAL python WORKING POC
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8