2118 matches found
ProxyLogon - PoC Exploit for Microsoft Exchange
PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell or ctrl+c By default, it...
File upload vulnerability in We7 CMS (CNVD-2021-24741)
We7 CMS is a domestic asp.net-based at the same time with open source and open plug-in CMS system. A file upload vulnerability exists in We7 CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in NGFW of Netcom Next Generation Firewall (CNVD-2021-24752)
Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Seven Bears Library System
Seven bears library system is a similar to Baidu library online document preview, selling system. A file upload vulnerability exists in the Seven Bears Library System. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in NS-NGFW Backend of Netcom Next-Generation Firewalls
hereinafter referred to as Netcom was founded in 2004, is specialized in providing operators, finance, government, education, health care, enterprises, hotels, export integrated application gateway. A file upload vulnerability exists in the background of NS-NGFW. Attackers can utilize the...
Arbitrary File Upload Vulnerability in Website Management System of Hangzhou Boce Network Technology Co.
Hangzhou Bocai Network Technology Co., Ltd. provides comprehensive digital innovation services. An arbitrary file upload vulnerability exists in the website management system login of Hangzhou Boce Network Technology Co. An attacker could use this vulnerability to upload a webshell and gain serve...
File Upload Vulnerability in NGFW of Netcom NGFW
Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in NGFW of Netcom Next Generation Firewall (CNVD-2021-24366)
Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
VMware vCenter Server File Upload / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren'...
File upload vulnerability exists in UCMS (CNVD-2021-21601)
UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...
Exploit for Path Traversal in Microsoft
I will continue to add any new code or modify existing code ba...
Exploit for Path Traversal in Vmware Cloud_Foundation
cve-2021-21972 Usage Instructions p...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...
File Upload Vulnerability in Merchant Backend Management System of Lianyungang Bubble Network Technology Co.
Lianyungang Bubble Network Technology Co., Ltd. focuses on WeChat small program micro-mall community group purchasing, fresh food e-commerce system development, is committed to the retail industry, to provide omni-channel e-commerce solutions. Lianyungang roll bubble network technology limited...
Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)
The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response MDR team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...
VMware vCenter Server 7.0 - Unauthenticated File Upload
Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...
VMware vCenter Server 7.0 Arbitrary File Upload
Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...
File Upload Vulnerability in KUKA.OfficeLite
KUKA.OfficeLite is KUKA's virtual robot controller. A file upload vulnerability exists in KUKA.OfficeLite. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Xunrui CMS
CMS is a content management framework based on CodeIgniter4. A file upload vulnerability exists in XunRui CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities
Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and...