Exploit for Deserialization of Untrusted Data in Microsoft

ZeroPoint.ps1 ⚠ A defensive PowerShell utility to detect an...

CVE-2025-5378

A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2025-5378 Astun Technology iShare Maps mycouncil2.aspx cross site scripting

A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2025-5378 Astun Technology iShare Maps mycouncil2.aspx cross site scripting

A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2021-38366

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...

CVE-2020-23284

Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application...

CVE-2025-1646 Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload

A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack m...

CVE-2024-42677

An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component...

CVE-2024-42676

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component...

CVE-2024-42676

Huizhi enterprise resource management system v1.0 and earlier is affected by a File Upload vulnerability in the /nssys/common/Upload.aspx?Action=DNPageAjaxPostBack endpoint that allows remote code execution. The issue arises from the file upload functionality, enabling an attacker to run arbitrar...

D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux

Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...

Tyler Technologies Magistrate Court Case Management Plus Authorization Issue Vulnerability

Tyler Technologies Magistrate Court Case Management Plus is a district court case management system from Tyler Technologies. A security vulnerability exists in Tyler Technologies Magistrate Court Case Management Plus. A remote attacker can exploit the vulnerability by enumerating directories usin...

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom DVenom is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus AVs. Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

CVE-2023-26578 Arbitrary File Upload to Web Root In IDAttend’s IDWeb Application

Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server...

CREALOGIX EBICS 跨站脚本漏洞

A cross-site scripting vulnerability exists in CREALOGIX EBICS version 7.0, which stems from the lack of effective filtering and escaping of user-supplied data in the /ebics-server/ebics.aspx file, which could be exploited to inject cross-site code and launch XSS attack...

CVE-2022-34919

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands...

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...

Unrestricted file upload

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource...