14 matches found
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
CVE-2021-47937
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
CVE-2021-47937
CVE-2021-47937 affects e107 CMS 2.3.0. Authenticated users with theme installation permissions can upload a crafted theme package via the theme.php endpoint, which deploys a web shell to thee107_themes directory and enables execution of system commands through payload.php. This results in remote ...
PT-2026-39512
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
e107 代码问题漏洞
e107 is a set of open-source, free content management systems CMS developed by the E107 team. It is based on PHP and MySQL. This system supports various plugins and theme options, making it suitable for use as a personal blog, discussion community, or archive repository. Version 2.3.0 of e107 has...
Exploit for CVE-2024-3912
Why? Publishing because Mirai are a bunch of irrit...
Apache NiFi 1.17.0 Remote Code Execution
Apache NiFi version 1.17.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. ============================================================================================================================================= | Title : Apache NiFi 1.17.0 R...
Exploit for Out-of-bounds Write in Apple Macos
CVE-2021-30853 A simple POC script to test for CVE-2021-30657...
Notex the best notes 6.4 - Denial of Service Exploit
Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long list of characters i...
memono Notepad Version 4.2 - Denial of Service Exploit
Exploit Title: memono Notepad Version 4.2 - Denial of Service PoC Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/memono-bloc-de-notas/id906470619 Version: 4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being...
Hardcoded credentials
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary...
GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service Exploit
Exploit Title: GeoGebra Graphing Calculator 6.0.631.0 - Denial Of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 6.0.631.0-offlinegraphing Tested on: Windows 8.1 Pro STEPS Open the program Graficado...
Exploit for CVE-2020-7931
CVE-2020-7931: SSTI exploitation in Artifactory Pro ============...
Cloak - Backdoor In Any Python Script With Some Tricks
Cloak is an intelligent python backdoor framework. What it exactly does? Cloak generates a python payload via msfvenom and then intelligently injects it into the python script you specify. To evade basic detection, Cloak breaks the payload into several parts and places it in different places in t...