Exploit for Path Traversal in Jetbrains Teamcity

RCity - CVE-2024-27198 RCE & Admin Account Creation & CVE-20...

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

cve-2024-3400 Python exploit and checker script for CVE-2024-3...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

MinIO vulnerability exploit CVE-2023-28432 Description T...

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

CVE-2024-31871

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306...

IBM Security verify Access Appliance 信任管理问题漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...

Open Source Medicine Ordering System v1.0 - SQLi

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...

Open Source Medicine Ordering System 1.0 SQL Injection

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-42013 Vulnerability Scanner This Python script check...

Exploit for Command Injection in Thimpress Learnpress

CVE-2023-6634 Exploit Script Description This repository...

CVE-2024-26703

CVE-2024-26703 affects the Linux kernel tracing/timerlat: the hrtimer was previously initialized at first timerlat_fd read and destroyed on close, which could trigger a NULL pointer dereference if a user opens and closes timerlat_fd without reading. A fix was implemented to move hrtimer_init to t...

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure Exploit

Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6 host detect by...

Exploit for Improper Access Control in Adobe Coldfusion

Proof of Concept script for CVE-2024-20767 Overview get-...

Exploit for OS Command Injection in Progress Loadmaster

CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️...

GL.iNet AR300M 3.216 Remote Code Execution

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M v4.3.7 Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

Exploit for Path Traversal in Jenkins

🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻 ============= ---------...

Novel Smishing Kit Leverages Cloud Platform

Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...

XAMPP - Buffer Overflow Exploit

Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ \ /| | || | /| ||...

Wondercms 4.3.2 - XSS to RCE

Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...