
2169 matches found

The Hacker News
added 2021/11/19 9:27 a.m. | 42 views

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug

The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks,...

AI score: 7.2
Exploits: 0
Malwarebytes
added 2021/11/19 12:25 a.m. | 25 views

Patch now! FatPipe VPN zero-day actively exploited

According to its marketing team, a FatPipe MPVPN can make your VPN "900% more secure." Well, I don't know about that, but I do know a way to make your MPVPN admin console 100% more secure, and that you should do so right away, by installing the latest version of its software. Why? Because older...

AI score: 7.7
Exploits: 0
Gitee
added 2021/11/18 11:7 p.m. | 2 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

AI score: 7.2
Exploits: 0
The Hacker News
added 2021/11/16 6:52 a.m. | 26 views

New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks

A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...

AI score: 6.7
Exploits: 0
The Hacker News
added 2021/11/08 2:39 p.m. | 131 views

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying...

CVSS: 9.8 | AI score: 10 | EPSS: 0.94412
Exploits: 8
NVD
added 2021/11/05 1:15 p.m. | 12 views

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...

CVSS: 10 | EPSS: 0.44223
Exploits: 3 | References: 3
CNNVD
added 2021/10/11 12:0 a.m. | 1 views

rConfig SQL Injection Vulnerability

rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.01643
Exploits: 1 | References: 5
Packet Storm
added 2021/09/20 12:0 a.m. | 242 views

Online Food Ordering System 2.0 Shell Upload

Exploit Title: Online Food Ordering System 2.0 - Unauthenticated Remote Code Execution Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-19 Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Link:...

AI score: 0.1
Exploits: 0
Huntr
added 2021/08/20 3:26 p.m. | 7 views

in cortezaproject/corteza-server

✍️ Description Hi team, I found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File extensions such as .html, .svg and others should not be executed on the server side. 🕵️‍♂️ Proof of Concept Step to Reproduce 1- Go to the Employees tab and choose an...

AI score: 5.9
Exploits: 0
CNVD
added 2021/08/18 12:0 a.m. | 17 views

Simple Image Gallery Web App Access Control Error Vulnerability

Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this Web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...

CVSS: 9.8 | AI score: 2.4 | EPSS: 0.00517
Exploits: 1 | References: 1
Gitee
added 2021/08/16 7:35 p.m. | 3 views

CDK

This repository is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help users escape container and take over K8s cluster...

AI score: 7.3
Exploits: 0
NVD
added 2021/08/16 2:15 p.m. | 12 views

CVE-2021-38753

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...

CVSS: 9.8 | EPSS: 0.00517
Exploits: 1 | References: 1
Prion
added 2021/08/16 2:15 p.m. | 14 views

Unrestricted file upload

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.00517
Exploits: 1 | References: 1
CVE
added 2021/08/16 1:53 p.m. | 51 views

CVE-2021-38753

The CVE-2021-38753 entry concerns Simple Image Gallery Web App, with an unrestricted file upload vulnerability that can be exploited to upload a web shell and execute it, potentially gaining unauthorized access to the hosting server. Multiple sources describe an access control/file-upload flaw en...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00517
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2021/08/16 12:0 a.m. | 2 views

Simple Image Gallery Web App Code Issue Vulnerability

Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this Web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00517
Exploits: 1 | References: 1
Kitploit
added 2021/08/11 9:30 p.m. | 249 views

Wsh - Web Shell Generator And Command Line Interface

wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...

AI score: 7.6
Exploits: 0 | References: 1
Gitee
added 2021/08/05 1:6 p.m. | 2 views

Exploit for Out-of-bounds Write in Gnu Glibc

This is a PoC exploit for CVE-2015-0235, a vulnerability in the GNU C Library (glibc) that allows for remote code execution (RCE) through a buffer overflow in the gethostbyname function. The exploit is implemented in the kadimus tool, which is an LFI (Local File Inclusion) scanner and exploit tool. The...

CVSS: 10 | AI score: 8.9 | EPSS: 0.8487
Exploits: 29
CNNVD
added 2021/07/30 12:0 a.m. | 3 views

S-CMS Input Validation Error Vulnerability

S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. A remote code execution vulnerability exists in /1.com.php in S-CMS version 3.0 PHP version. An attacker can exploit the vulnerability by modifying PHP files to get ...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.02322
Exploits: 1 | References: 2
Exploit DB
added 2021/07/15 12:0 a.m. | 987 views

WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated) Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.82414
Exploits: 5
Packet Storm
added 2021/07/15 12:0 a.m. | 626 views

WordPress Popular Posts 5.3.2 Shell Upload

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated) Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

Exploits: 0