Lucene search
K

409 matches found

Packet Storm
Packet Storm
added 2022/12/31 12:0 a.m.881 views

SugarCRM Shell Upload

!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...

7.4AI score
Exploits0
OSV
OSV
added 2022/06/30 3:15 p.m.15 views

CVE-2021-37770

Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with...

7.2CVSS5.9AI score0.01237EPSS
Exploits1References2
NVD
NVD
added 2022/04/25 4:16 p.m.123 views

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

8.1CVSS0.83232EPSS
Exploits9References5
Prion
Prion
added 2022/04/25 4:16 p.m.29 views

Race condition

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

6.8CVSS8.1AI score0.83232EPSS
Exploits9References3Affected Software1
Packet Storm
Packet Storm
added 2022/03/07 12:0 a.m.258 views

part-db 0.5.11 Remote Code Execution

Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Google Dork: NA Date: 03/04/2022 Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848...

9.6AI score0.35436EPSS
Exploits5
0day.today
0day.today
added 2022/03/07 12:0 a.m.546 views

part-db 0.5.11 - Remote Code Execution Exploit

Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848 --------------- !/bin/bash...

10CVSS9.6AI score0.35436EPSS
Exploits5
Exploit DB
Exploit DB
added 2022/03/07 12:0 a.m.433 views

part-db 0.5.11 - Remote Code Execution (RCE)

Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Google Dork: NA Date: 03/04/2022 Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848...

10CVSS9.2AI score0.35436EPSS
Exploits5
NVD
NVD
added 2022/02/09 2:15 p.m.43 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

8.8CVSS0.09183EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2022/02/09 2:15 p.m.7 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

8.8CVSS8.7AI score0.09183EPSS
Exploits4References3
OSV
OSV
added 2022/02/09 2:15 p.m.26 views

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

8.8CVSS8.6AI score
Exploits0References2
Prion
Prion
added 2022/02/09 2:15 p.m.19 views

Remote code execution

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

6.5CVSS9.2AI score0.09183EPSS
Exploits4References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.4 views

PT-2022-12668 · Unknown · Composr Cms

Name of the Vulnerable Software and Affected Versions: Composr-CMS versions 10.0.39 and earlier Description: The issue allows remote attackers to execute arbitrary code via uploading a PHP shell through the "/adminzone/index.php?page=admin-commandr" API endpoint. This enables attackers to perform...

8.8CVSS9AI score0.09183EPSS
Exploits4References7
0day.today
0day.today
added 2022/01/18 12:0 a.m.281 views

Simple Chatbot Application 1.0 - Remote Code Execution Vulnerability

Exploit Title: Simple Chatbot Application 1.0 - Remote Code Execution RCE Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on: XAMPP,...

0.1AI score
Exploits0
GithubExploit
GithubExploit
added 2022/01/03 9:19 p.m.174 views

Exploit for Missing Authentication for Critical Function in Brandexponents Tatsu

Preauth RCE in Tatsu builder Wordpress plugin CVE-2021-25094...

8.1CVSS8.3AI score0.83232EPSS
Exploits9
NVD
NVD
added 2021/12/21 9:15 a.m.10 views

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.5CVSS0.00811EPSS
Exploits2References2
OSV
OSV
added 2021/12/21 9:15 a.m.7 views

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.5CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2021/12/21 9:15 a.m.22 views

Cross site request forgery (csrf)

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

5.1CVSS7.7AI score0.00811EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/12/21 8:45 a.m.35 views

CVE-2021-24981 Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.9AI score0.00811EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/11/16 12:0 a.m.24 views

Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. This vulnerability was seen actively exploited by Sucuri in the wild for ransomware attacks. PoC 1. Authenticate as any user. 2. Paste below...

7.5CVSS7.5AI score0.00811EPSS
Exploits2References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/11/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

7.5CVSS7.2AI score0.00811EPSS
Exploits2References1
Rows per page
Query Builder