WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated Remote Code Execution Exploit

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested on: Unix CVE :...

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

MSNSwitch Firmware MNT.2408 Remote Code Execution

Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Google Dork: n/a Date:9/1/2022 Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated...

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

CVE-2022-36532

Summary: Bolt CMS

CVE-2022-33085

ESPCMS P8 is affected by an authenticated remote code execution (RCE) vulnerability in the fetch_filename function under espcms_public/espcms_templates/ESPCMS_Templates. The Red Hat advisory and related records corroborate the issue, describing an authenticated RCE path via that function. No prod...

Authenticated RCE through /admin/settings/email endpoint

Description Craftcms is vulnerable to Command Injection on the email settings, on the /admin/settings/email endpoint. An attacker can send a POST request with a specially crafted transportTypescraft\mail\transportadapters\Sendmailcommand= parameter to inject arbitrary commands that will be execut...

Metasploit Weekly Wrap-Up

ManageEngine ADSelfService Plus Authenticated RCE This module is pretty exciting for us because it's for a vulnerability discovered by our very own Rapid7 researchers Jake Baines, Hernan Diaz, Andrew Iwamaye, and Dan Kelly. The vulnerability allowed for attackers to leverage the "custom script"...

CVE-2022-0551 Authenticated RCE on project configuration import in Guardian/CMC before 22.0.0

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...

CVE-2021-44664

CVE-2021-44664 affects Xerte up to version 3.9, with an authenticated RCE described in multiple sources. The vulnerability resides in website_code/php/import/fileupload.php, where an attacker can upload a malicious PHP file disguised as a language file to bypass upload filters. The attacker can t...

Tiny File Manager 2.4.3 Shell Upload

Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...

CVE-2021-46360

Composr-CMS 10.0.39 and earlier is affected by an authenticated remote code execution vulnerability. The issue allows an authenticated attacker to upload a PHP shell via /adminzone/index.php?page=admin-commandr, enabling arbitrary code execution on the server. Public exploit references exist (e.g...

Wordpress Popular Posts Authenticated RCE

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address 192/172/127/10. The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 Introduction This write-up provides an over...

Exploit for OS Command Injection in Webmin

CVE-2019-12840.py...

E-Negosyo System 1.0 Shell Upload

Exploit Title: E-Negosyo System 1.0 - Authenticated RCE Date: 2021-09-22 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category: Webapps...

BSCW Server Remote Code Execution Vulnerability

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated RCE product: BSCW Server...

CVE-2021-24430 Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com Cooki...

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com...