13537 matches found
Zoho ManageEngine - Remote Code Execution
Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a...
Web_Vulnerability_Assessment
🕸️ Week 03 — Web Vulnerability Assessment & Exploitation In...
Kentico CMS Insecure Deserialization Remote Code Execution
Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability. id: CVE-2019-10068 info: name: Kentico CMS Insecure Deserialization Remote Code Execution author: davidmckennirey severity: critical description: Kentico CMS is susceptible to remote code execution via a...
XML-RPC Server - Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. id: CVE-2017-11610 info: name: XML-RPC Serve...
VulnLinux-Exploitation
Lab 01: Vulnerable Linux Reconnaissance + Enumeration + Remote...
Klog Server <=2.41 - Unauthenticated Command Injection
Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...
ClickFix Server Creation
This Metasploit module creates a web server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in...
eCPPT-Penetration-Testing-Reports
eCPPT Penetration Testing Reports Penetration testing lab rep...
Metasploit-Simulation-lab
🛡️ Metasploit Simulation Lab — Ethical Hacking Training...
Exploit-Databases
💥 Exploits Database & PoC Resources Collection of exploit databas...
Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-
Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...
nessus-metasploit-pentest
Project 7 — Nessus Vulnerability Assessment + Metasploit Explo...
Exploit for CVE-2007-2447
🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...
spectr
SPECTR Scan Parser & Exploit Recon Tool SPECTR is a CLI c...
programming-for-penetration-testing-buffer-overflow-exploit
Buffer Overflow Exploit in Ruby Overview This project was...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Threat Sandbox CVE-2022-22965 Overview Thi...
EternalBlue
EternalBlue MS17-010 Exploitation Lab A professional, end-t...