1321 matches found

0day.today
added 2021/09/15 12:0 a.m. | 184 views

AlphaWeb XE - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c "whoami" Referenc...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.26958
Exploits: 7

Packet Storm
added 2021/09/14 12:0 a.m. | 245 views

Purchase Order Management System 1.0 Shell Upload

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

AI score: 7.4
Exploits: 0

Packet Storm
added 2021/09/07 12:0 a.m. | 179 views

SmartFTP Client 10.0.2909.0 Denial Of Service

Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Date: 9/5/2021 Exploit Author: Eric Salario Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Version: 10.0.2909.0 32 and 64 bit Tested on: Microsoft Windows 10 32 bit a...

Exploits: 0

GithubExploit
added 2021/09/05 9:27 a.m. | 182 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 An OGNL injection vulnerability exists that...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.9444
Exploits: 45

Gitee
added 2021/08/31 3:36 p.m. | 5 views

exprolog

This is a Python script that exploits a vulnerability in Microsoft Exchange Server. The script is designed to target a specific version of the server and exploit a vulnerability to gain access to the system. Here is a summary of the script's functionality: 1. The script starts by importing the...

AI score: 7
Exploits: 0

GithubExploit
added 2021/08/06 9:19 a.m. | 166 views

Exploit for SQL Injection in Agentejo Cockpit

Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.93971
Exploits: 13

Rapid7 Blog
added 2021/08/02 1:16 p.m. | 140 views

3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle

DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...

AI score: 7
Exploits: 0

GithubExploit
added 2021/07/26 8:1 a.m. | 54 views

Exploit for CVE-2021-36934

CVE-2021-36934 !Screenshothttps://github...

CVSS: 7.8 | AI score: 9.2 | EPSS: 0.90423
Exploits: 11

Gitee
added 2021/07/25 4:14 p.m. | 24 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472 ZeroLogon vulnerability. The target product/service is Windows Domain Controller DC. The vulnerability class/vector is authentication bypass via all-zero challenge. The probable entry point is the Netlogon service, which is accessed via the Impacket library. Notable...

CVSS: 10 | AI score: 7.8 | EPSS: 0.9438
Exploits: 75

GithubExploit
added 2021/07/25 5:5 a.m. | 104 views

Exploit for SQL Injection in Agentejo Cockpit

CVE-2020-35846 - Leak Cockpit Usernames PoC John Hammond...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.93926
Exploits: 10

GithubExploit
added 2021/07/19 6:50 a.m. | 126 views

Exploit for SQL Injection in Apache Skywalking

CVE-2020-9483 PoC of SQL Injection vulCVE-2020-9483,Apache...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.94091
Exploits: 1

GithubExploit
added 2021/07/18 1:18 a.m. | 85 views

Exploit for OS Command Injection in Systeminformation

CVE-2021-21315 Exploit - Des: My python Scri...

CVSS: 7.8 | AI score: 1.5 | EPSS: 0.9396
Exploits: 4

GithubExploit
added 2021/07/15 1:4 a.m. | 208 views

Exploit for OS Command Injection in Openbsd Openssh

CVE-2020-15778-Exploit Exploit for CVE-2020-15778OpenSSH v...

CVSS: 7.8 | AI score: 8.7 | EPSS: 0.64277
Exploits: 6

Gitee
added 2021/07/07 8:29 p.m. | 12 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempt to perform a Netlogon authentication bypass. It targets the Netlogon service on a domain controller and sen...

CVSS: 10 | AI score: 7.5 | EPSS: 0.9438
Exploits: 75

Packet Storm
added 2021/07/05 12:0 a.m. | 285 views

Online Voting System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...

AI score: 0.5
Exploits: 0

Github Security Blog
added 2021/06/15 4:11 p.m. | 53 views

Incorrect Permission Assignment for Critical Resource in Plone

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

CVSS: 9.9 | AI score: 4.3 | EPSS: 0.00846
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2021/06/15 4:11 p.m. | 25 views

GHSA-HM2P-FHWX-9285 Incorrect Permission Assignment for Critical Resource in Plone

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

CVSS: 9.9 | AI score: 9 | EPSS: 0.00846
Exploits: 0 | References: 6

Packet Storm
added 2021/06/07 12:0 a.m. | 377 views

Rocket.Chat 3.12.1 NoSQL Injection / Code Execution

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...

EPSS: 0.92332
Exploits: 15

Packet Storm
added 2021/06/04 12:0 a.m. | 157 views

Inkpad Notepad And To Do List 4.3.61 Denial Of Service

Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service PoC Date: 2021-06-03 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=esMX Version: 4.3.61 Category: DoS Android Vulnerability InkPad Bloc de notas - Tare...

AI score: 7.4
Exploits: 0

0day.today
added 2021/06/03 12:0 a.m. | 32 views

BasicNote 1.1.9 - Denial of Service Exploit

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is vulnerable to a DoS...

AI score: 7.4
Exploits: 0