Exploit for Path Traversal in Codiad

Exploit-Framework Exploits: |Vendor|Vulnerability|Effected Version|Description|Author| |:-:|:-:|:-:|:-:|:-:| |zblog|NOTCVE| https://github.com/WangYihang/Exploit-Framework/wiki Contribution: 1. Guidance of writing exploit module TODO: - 解析字符串 - 深层模块化 - 上下文栈维护 - 日志 - 自动补全 - Exploit 搜索 - Wiki -...

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a specific vulnerability in a Windows system, exploiting the SMB protocol to gain remote code execution. The module is written in Ruby and is part of the Metasploit Framework's...

Exploit for CVE-2020-16898

It is an exploit module targeting Apache Log4j. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the "exploit.py" script. Not specified. Preconditions are a vulnerable version of Apache Log4j. The expected impact is RCE...

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...

Exploit for Out-of-bounds Write in Php

It is an exploit module/toolkit targeting a remote code execution vulnerability. The target product/service or framework is php-fpm and Nginx. The vulnerability class/vector is remote code execution RCE. The probable entry point is not specified. Notable dependencies/tooling include Python and...

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. Recent assessments: wvu-r7 at May 21, 2020 5:51am UTC...

Exploit for CVE-2020-11651

It is an exploit module for Apache HTTP Server versions prior to...

Exploit for Improper Input Validation in Microsoft

It is an exploit module for CVE-2019-0604, a remote code execution vulnerability in SharePoint. The target product/service is SharePoint, and the vulnerability class/vector is RCE. The probable entry point is not specified, but the usage link suggests it may be invoked via a web interface...

IBM Cognos TM1 / IBM Planning Analytics Server Configuration Overwrite / Code Execution

Hi, Here's a fun one I have been working on for some time. tl;dr IBM PA / TM1, dating back to 2014, maybe 2009 is vulnerable to a unauthenticated configuration overwrite; this is abused to "fake authenticate" to it, and finally execute code as root / SYSTEM using TM1 scripting. Advisory below,...

welpwn

This is an exploit module for a vulnerability in a binary, targeting a heap-based overflow in a baby heap implementation. The exploit is designed to execute a shell on the vulnerable system. The exploit uses a combination of alloc, show, and delete functions to manipulate the heap and create a...

Easy Adress Book Web Server Buffer Overflow

Easy Adress Book Web Server suffers from a vulnerability while processing a user-supplied cookie, specifically the UserID parameter, which allows the attacker to cause a buffer overflow and result a crash or gain arbitrary code execution under the context of the user. This was originally discover...

Metasploit Sample Linux Privilege Escalation Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Sample Linux Pri...

Exploit for OS Command Injection in Webmin

CVE-2019-15107: Exploit Modules Available for Remote Code Exe...

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is used to exploit a vulnerability in the Windows SMB service, specifically the MS08-067 NetAPI vulnerability. The module is designed to run on the Metasploit Framework and can be used to test the...

Baldr Botnet Panel - Arbitrary Code Execution Exploit

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading t...

Exploit for Use After Free in Microsoft

Note: This project has been archived as actual exploits have...

Exploit for Use After Free in Microsoft

It is an exploit module for Windows Remote Desktop Service vul...

WordPress 5.0.0 crop-image Shell Upload Exploit

This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the...

CVE-2019-1003005

creationtimestamp| type| source ---|---|--- 2019-03-18 12:37:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb 2022-07-31 07:01:12+00:00| published-proof-of-concept| https://t.me/poxek/2140 2023-04-06 10:40:22+00:00|...