Try Hack Me: Pickle Rick
We start by running nmap:
nmap -v -sC -sV IP-ADDRESS-HERE -oA pickle-rick-scan
When this is completed you will notice port...
Summary: SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. Reference Links(if available): https://orangeo.tech/post/2021/12/24/First-CVEs.html https://play.google.com/store/apps/details?id=th.co.softvibe.saraban&hl=en&gl=US CVSS Score (if available) v2: /...
Summary: SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the...
Summary: Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. Reference Links(if available): https://github.com/pcmacdon/jsish/issues/62 CVSS...
Summary: Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. Reference Links(if available): https://github.com/pcmacdon/jsish/issues/66 CVSS...
Summary: An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig...
Summary: An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information...
Summary: Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)...
Summary: mruby is vulnerable to NULL Pointer Dereference Reference Links(if available): https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca CVSS Score (if available) v2: / MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P...
Summary: Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR...
Summary: The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using...
Summary: An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath"...
Summary: A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. Reference Links(if...
Summary: An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has...
Summary: In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode...
Summary: The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest...
Summary: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this...
Summary: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this...
Summary: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this...
Summary: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this...
Summary: A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this...
Summary: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow)...
Summary: The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the...
Summary: The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary...