CVE-2021-23632 Remote Code Execution (RCE)

All versions of package git are vulnerable to Remote Code Execution RCE due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git =...

VTENEXT 19 CE - Remote Code Execution

!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...

Microsoft Windows taskschd.msc Privilege Escalation

Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especiall...

Turbomail邮件系统正文持久型XSS漏洞

简要描述： 邮件系统对邮件内容过滤不严格，导致存储型跨站。 详细说明： 1、TurboMail邮件系统对邮件内容过滤不严格，导致存储型FLASH跨站，打开邮件即可触发漏洞，由于FLASH文件可以执行javascript代码，所以我们可以利用此漏洞进行盗取用户信息、用户邮件、钓鱼、修改用户设置、转发邮件等操作。 涉及版本v5.2.0 漏洞证明： TurboMail下载地址：http://www.turbomail.org/download.html 测试浏览器：Firefox29.0.1、Chrome33.0.1750.149 m 1、写邮件，使用代理对请求进行拦截，本次使用burp...

Microsft COFEE v1.1.2 DLL Hijacking Exploit

=========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...

Microsft COFEE v1.1.2 DLL Hijacking Exploit

Exploit for windows platform in category local exploits =========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== =========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit...

Microsoft (r) Windows Based Script Host (wscript.exe) DLL Hijacking

Exploit for windows platform in category local exploits =================================================================== Microsoft r Windows Based Script Host wscript.exe DLL Hijacking ===================================================================...