CVE-2017-6526

CVE-2017-6526 affects dnaTools dnaLIMS 4-2015s13. An unauthenticated command-execution flaw exists via an improperly protected administrative web shell at cgi-bin/dna/sysAdmin.cgi, triggered by POST requests. Public sources describe that the web interface bypasses authentication, enabling remote ...

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests. Recent assessments: h00die at March 27, 2020 4:16pm UTC reported: The Admin console...

Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation Vulnerabilities

Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...

Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation

Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...

Teradici Management Console 2.2.0 - Privilege Escalation

Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...

Teradici Management Console 2.2.0 - Privilege Escalation

Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...

Input validation

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

CVE-2017-5219

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

CVE-2017-5219

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

POSNIC Unauthenticated Remote Code Execution

Exploit Title : POSNIC all versiontill 1.03 unauthenticated remote code execution Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 01/02/2017 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Discovered At : Indishe...

POSNIC Unauthenticated Remote Code Execution Vulnerability

POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance. Exploit Title : POSNIC all versiontill 1.03 unauthenticated remote code execution Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Dat...

PHP Web Shell Detection (China Chopper)

Binary data 9487.prm...

JSP Web Shell Detection (China Chopper)

Binary data 9488.prm...

ASP Web Shell Detection (China Chopper)

Binary data 9489.prm...

X (Formerly Twitter): reverb.twitter.com redirects to vulnerable reverb.guru

Hi! http://reverb.twitter.com redirects requests to http://reverb.guru which hosts a vulnerable PHP application. I managed to get RCE there which allows to modify the contents of this site, so that reverb.twitter.com will redirect to a phishing page or force a malicious file download. I was able ...

Hacker Installed a Secret Backdoor On Facebook Server to Steal Passwords

How to Hack Facebook? That’s the most commonly asked question during this decade. It’s a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached in...

JMX2 Email Tester - save_email.php Arbitrary File Upload

JMX2 Email Tester - saveemail.php Arbitrary File Upload Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link:...

JMX2 Email Tester - save_email.php Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link:...

JMX2 Email Tester - 'save_email.php' Arbitrary File Upload

Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip Tested on: debian wheezy CVE : none...

JMX2 Email Tester Remote Shell Upload

Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip Tested on: debian wheezy CVE : none...