2118 matches found
MajorDoMo Supply Chain RCE via Update Poisoning
This module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning. The saverestore module's admin method is reachable without authentication through the /objects/?module=saverestore endpoint because usual calls admin directly...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2020-29607 — Pluck CMS Authenticated remote code executio...
Online-Traffic-Offense-Management-System-1.0-Unauthenticated-RCE-PoC
Online Traffic Offense Management System 1.0 — Unauthenticated...
WordPress plugin Wiguard code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Dell RecoverPoint for Virtual Machines Shell Upload
This proof of concept leverages Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...
Exploit for CVE-2026-27180
MajorDoMo RCE
Exploit for Path Traversal in Welcart Welcart_E-Commerce
Zenario CMS 9.3 - Unauthenticated RCE Exploit CVE-2022-418...
CVE-2026-27180
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...
CVE-2026-27180 MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...
CVE-2026-27180
CVE-2026-27180 — MajorDoMo supply chain RCE: Affected MajorDoMo allows unauthenticated remote code execution via a poisoned update URL. The saverestore admin endpoint at /objects/?module=saverestore is exposed because gr('mode') reads from $_REQUEST instead of the framework’s mode, enabling an a...
Exploit for OS Command Injection in Std42 Elfinder
CVE-2019-9194 — elFinder Command Injection PoC Command in...
RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications, specifically the RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
PT-2026-20516
MajorDoMo aka Major Domestic Module is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode')...
CVE-2020-36973
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
CVE-2020-36973
PDW File Browser 1.3 is affected by a remote code execution vulnerability that lets authenticated users upload and rename webshell files to arbitrary web server locations. An attacker can upload a .txt webshell, rename it to .php, and move it into accessible directories using double-encoded path ...
CVE-2020-36973 PDW File Browser 1.3 - Remote Code Execution
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...
EUVD-2020-30880
PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it to accessible directories using double-encoded path...