55 matches found
InternetSoft FTP Navigator 安全漏洞
InternetSoft FTP Navigator is an FTP client software developed by InternetSoft Corporation. Version 8.03 of InternetSoft FTP Navigator contains a security vulnerability, which stems from a buffer overflow in the Custom Command text box. This vulnerability could lead to remote code execution...
InternetSoft FTP Navigator 安全漏洞
InternetSoft FTP Navigator is an FTP client software developed by InternetSoft Corporation. Version 8.03 of InternetSoft FTP Navigator contains a security vulnerability, which stems from a buffer overflow issue in custom command inputs, potentially leading to the application crashing...
PT-2026-7928
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler SEH with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger ...
WMI Event Subscription Logon Timer Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specified to run...
WMI Event Subscription Process Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when the specified process is started. Additionally a custom command can be specified to run once the trigger is activated using the advanced option...
WMI Event Subscription Interval Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom command can be...
WMI Event Subscription Process Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when the specified process is started. Additionally a custom command can be specified to run once the trigger is activated using the advanced opti...
WMI Event Subscription Logon Timer Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specifi...
WMI Event Subscription Event Log Persistence
This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be...
EUVD-2017-8255
Malware in sbrugna...
EUVD-2006-1694
Malware in sbrugna...
Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware
Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injecti...
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit Script This repository contains a Python expl...
Exploit for OS Command Injection in Php
This is a PoC exploit for CVE-2024-4577, a vulnerability in an u...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 Exploit for CVE-2021-22204 ExifTool - Arb...
Exploit for Code Injection in Gitlab
Gitlab-CVE-2021-22205 CVE-2021-22205’s...
Design/Logic Flaw
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...
CVE-2020-22000
CVE-2020-22000 affects HomeAutomation 3.3.2. An authenticated OS command execution vulnerability exists in the customcommand v0.1 plugin, exploitable via CSRF to run arbitrary shell commands as the web user through unsanitized PHP exec() calls in /system/systemplugins/customcommand/customcommand....
CVE-2020-22000
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'setcommandon' and 'setcommandoff' POST parameters in...