27 matches found

GithubExploit
added 2026/05/22 12:26 a.m. · 49 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Threat Sandbox CVE-2022-22965 Overview Thi...

9.8 CVSS · 6.5 AI score · 0.94428 EPSS
Exploits 99
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-51059

Malicious code in bioql PyPI...

8.8 CVSS · 6.5 AI score · 0.00273 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 5:43 p.m. · 4 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8 CVSS · 7.4 AI score · 0.00758 EPSS
Exploits 1 · References 1
Packet Storm
added 2025/05/19 12:0 a.m. · 75 views

Samsung MagicINFO 9 Server Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability CVE-2024-7399 in the SWUpdateFileUploader servlet, which can be querie...

8.8 CVSS · 8.4 AI score · 0.70713 EPSS
Exploits 3
GithubExploit
added 2025/01/23 10:28 a.m. · 549 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379-Exploit This repository provides a Python scri...

9.8 CVSS · 9.5 AI score · 0.84587 EPSS
Exploits 12
GithubExploit
added 2024/12/25 6:42 p.m. · 652 views

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat

CVE-2024-50379-POC This repository contains a Python script de...

9.8 CVSS · 9.6 AI score · 0.84587 EPSS
Exploits 12
NVD
added 2024/12/19 11:15 p.m. · 14 views

CVE-2024-12700

There is an unrestricted file upload vulnerability where it is possible for an authenticated, low-privileged user to upload a JSP shell and execute code with the privileges of the user running the web server...

8.8 CVSS · 0.00273 EPSS
Exploits 0 · References 2
CVE
added 2024/12/19 10:50 p.m. · 53 views

CVE-2024-12700

CVE-2024-12700 relates to Tibbo AggreGate Network Manager. The provided documents identify an unrestricted file upload vulnerability in the UploaderTempFileController (Tibbo Aggregate Network Manager) that allows an authenticated, low-privileged user to upload a JSP shell and execute arbitrary co...

8.8 CVSS · 8.9 AI score · 0.00273 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/19 12:0 a.m. · 2 views

PT-2024-17717 · Tibbo · Tibbo Aggregate Network Manager

Name of the Vulnerable Software and Affected Versions: Tibbo AggreGate Network Manager affected versions not specified Description: The issue is related to an unrestricted file upload vulnerability. This allows an authenticated user with low privileges to upload a jsp shell, which can then execut...

8.8 CVSS · 6.8 AI score · 0.00273 EPSS
Exploits 0 · References 9
Gitee
added 2024/08/18 10:18 p.m. · 78 views

Exploit for CVE-2018-2894

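Weblogic CVE-2018-2894 CVE-2018-2894 0x01 Preface: Oracle's July update fixed an arbitrary file upload vulnerability in the Weblogic Web Service Test Page. The Web Service Test Page is not enabled by default in "production mode", so the vulnerability has certain limitations. By exploiting it, arbitrary JSP files can be uploaded, thereby gaining server privileges. 0x02 Vulnerable environment: Ubuntu 16.04 https://github.com/vulhub/vulhub/blob/master/weblogic/CVE-2018-2894/ Run the following command to start weblogic 12.2.1....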

9.8 CVSS · 6.8 AI score · 0.94295 EPSS
Exploits 7
GithubExploit
added 2024/06/07 10:17 p.m. · 518 views

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 A preauth arbitrary file upload that leads t...

10 CVSS · 9.8 AI score · 0.94434 EPSS
Exploits 22
0day.today
added 2020/06/18 12:0 a.m. · 349 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

10 CVSS · 10 AI score · 0.6151 EPSS
Exploits 5
OSV
added 2020/01/06 9:15 p.m. · 2 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8 CVSS · 7.7 AI score
Exploits 0 · References 1
NVD
added 2020/01/06 9:15 p.m. · 10 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

8.8 CVSS · 8.7 AI score · 0.00758 EPSS
Exploits 1 · References 1
CVE
added 2020/01/06 8:11 p.m. · 119 views

CVE-2020-5846

The CVE-2020-5846 issue affects Ahsay Cloud Backup Suite 8.3.0.30. It describes an insecure file upload via PUT /obs/obm7/file/upload, where a base64-encoded pathname is supplied in the X-RSW-custom-encode-path header and the file contents in the request body. This allows uploading a file into an...

8.8 CVSS · 8.6 AI score · 0.00758 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2019/07/26 9:15 p.m. · 7 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

9 CVSS · 8.9 AI score · 0.64018 EPSS
Exploits 10 · References 3
Cvelist
added 2019/07/26 8:53 p.m. · 15 views

CVE-2019-10267

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.1.0.50. It is possible to upload a file into any directory of the server. One can insert a JSP shell into the web server's directory and execute it. This leads to full access to the system, as the...

8.9 AI score · 0.64018 EPSS
Exploits 10 · References 3
0day.today
added 2018/11/14 12:0 a.m. · 67 views

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities

Exploit for linux platform in category web applications ''' KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL:...

7.7 AI score · 0.36653 EPSS
Exploits 7
Metasploit
added 2017/10/09 1:48 a.m. · 142 views

Tomcat RCE via JSP Upload Bypass

This module uses a PUT request bypass to upload a jsp shell to a vulnerable Apache Tomcat configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat RCE via JSP Upload Bypass',...

8.1 CVSS · 7.2 AI score · 0.9438 EPSS
Exploits 22
0day.today
added 2016/12/03 12:0 a.m. · 164 views

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities

Exploit for windows platform in category remote exploits I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a pat...

7.5 CVSS · 9.2 AI score · 0.94281 EPSS
Exploits 28