Lucene search
K

84 matches found

wpexploit
wpexploit
added 2021/07/05 12:0 a.m.146 views

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com Cooki...

6.5CVSS7AI score0.01721EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.21 views

Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning

The plugin is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution RCE of the system due to log poisoning and therefore potentially a full compromise of the underlying structure PoC RCE through chaining LFI with log poisoning 1. Path Traversal / Local File...

9CVSS0.04956EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2021/06/02 12:0 a.m.15 views

BigTree CMS Multiple Vulnerabilities (Sep 2020)

BigTree CMS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS7AI score0.01819EPSS
Exploits3References1
NVD
NVD
added 2021/05/20 5:15 p.m.16 views

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

9.6CVSS0.01562EPSS
Exploits1References3
Prion
Prion
added 2021/05/20 5:15 p.m.17 views

Design/Logic Flaw

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

6.5CVSS8.5AI score0.01562EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/05/20 4:45 p.m.67 views

CVE-2021-32630

CVE-2021-32630 affects Admidio prior to version 4.0.4, where an authenticated user with upload permissions can exploit the Documents & Files upload feature to achieve remote code execution via a .phar-renamed PHP web shell. The payload can trigger a reverse or bind shell when the uploaded file is...

9.6CVSS8.7AI score0.01562EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/04/05 7:15 p.m.19 views

Input validation

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...

9CVSS7AI score0.23844EPSS
Exploits3References2Affected Software1
Exploit DB
Exploit DB
added 2021/03/25 12:0 a.m.382 views

Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)

Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...

8.8CVSS7AI score0.27482EPSS
Exploits4
Rapid7 Blog
Rapid7 Blog
added 2021/01/29 9:9 p.m.938 views

Metasploit Wrap-Up

MobileIron MDM Hessian-Based Java Deserialization RCE Our very own wvu-r7 has added exploits/linux/http/mobileironmdmhessianrce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. CVE-2020-15505...

10CVSS1.1AI score0.99737EPSS
Exploits39
Packet Storm
Packet Storm
added 2021/01/05 12:0 a.m.240 views

CMS Made Simple 2.2.15 Remote Command Execution

Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/16 12:0 a.m.596 views

GitLab 11.4.7 - Remote Code Execution (Authenticated)

Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...

7.7CVSS0.3AI score0.27983EPSS
Exploits5
GithubExploit
GithubExploit
added 2020/10/30 1:59 p.m.156 views

Exploit for OS Command Injection in Oscommerce

PoC exploit for CVE-2020-27976, an authenticated remote code exe...

10CVSS10AI score0.07038EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2020/10/21 12:0 a.m.188 views

CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...

9.8CVSS8.2AI score0.99999EPSS
In wildExploits53References3
WPVulnDB
WPVulnDB
added 2020/10/08 12:0 a.m.40 views

Dynamic Content for Elementor < 1.9.6 - Authenticated RCE

The PHP Raw Widget https://www.dynamic.ooo/widget/php-raw/ of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com...

9CVSS0.2AI score0.05648EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2020/06/18 12:0 a.m.754 views

Cayin CMS NTP Server 11.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...

0.2AI score0.33874EPSS
Exploits8
CVE
CVE
added 2020/02/07 10:49 p.m.1151 views

CVE-2019-19356

CVE-2019-19356 affects Netis WF2419 routers. A authenticated attacker can achieve remote code execution as root via the router Web management page, based on vulnerable firmware versions V1.2.31805 and V2.2.36123. The root cause is lack of input sanitization in the web interface, enabling exploita...

8.5CVSS7.8AI score0.27962EPSS
In wildExploits6References4Affected Software1
GithubExploit
GithubExploit
added 2020/01/29 11:11 p.m.259 views

Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms

CVE-2020-5844 Authenticated RCE in PandoraFMS 7.0-NG 742 A...

7.2CVSS7.1AI score0.30254EPSS
Exploits6
Metasploit
Metasploit
added 2019/11/01 11:11 a.m.67 views

CMS Made Simple Authenticated RCE via object injection

An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms parameter, an...

8.8CVSS7.3AI score0.12503EPSS
Exploits3
OpenVAS
OpenVAS
added 2019/07/31 12:0 a.m.111 views

Dolibarr < 9.0.3 Multiple Vulnerabilities

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; if description...

8.8CVSS6.7AI score0.02236EPSS
Exploits3References2
Exploit DB
Exploit DB
added 2019/07/25 12:0 a.m.46 views

MyBB &lt; 1.8.21 - Remote Code Execution

/ Exploit Title: MyBB 1.8.21 Authenticated RCE Date: July 24, 2019 Exploit Author: Giovanni Chhatta https://www.linkedin.com/in/giovannichhatta/ Vendor Homepage: https://mybb.com/ Software Link: https://resources.mybb.com/downloads/mybb1820.zip Version: 1.8.20 Tested on: Windows 10 Blog:...

7.4AI score
Exploits0
Rows per page
Query Builder